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BigData " 


TECHCON 


Attend Big Data TechCon to get practical training 
on Hadoop, Spark, YARN, R, HBase, Hive, 
Predictive Analytics, and much more! 


Take a Big Data analytics tutorial, dive deep 
into machine learning and NoSQL, learn how to 
master MongoDB and Cassandra, discover best 
practices for using graph databases such as 
Neo4j and more. You'll get the best Big Data 
training at Big Data TechCon! 
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ABZh Event Big Data TechCon” is a trademark of BZ Media LLC. 
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Holiday Inn Chicago Mart Plaza River North 


Great for quickly coming up to speed in the big data landscape. 
—Ben Pollitt, Database Enginee, General Electric 


There was a large quantity and variety of educational talks with 
very few sales lectures. It was just informative and inspiring. 
This was the best conference ever! Get a ticket for 2015! 
—Byron Dover, Big Data Engineer, Rubicon Project 
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THE NEAR IMPOSSIBLE VERY 
DIFFICULT TASK OF FREE SOFTWARE 
TECHNO-JOURNO-MARKETING 


don’t think many 

people get what I 

do for a living. 

The people out- 
side the Free Soft- 
ware bubble don’t 
get Free Software, pe- 
riod. And those 
within often com- 
plain about what I do because I’m loud in 
my writing. Everyone’s a critic, it would 
seem. 

I’m not alone. There are a few of us 
around: Bryan Lunduke, Rikki Endsley, Jono 
Bacon, Steven J Vaughan-Nichols... Al- 
though we wield different levels of brash- 
ness, we all walk the thin line between tech- 
no-journalism and Free Software marketing. 
It’s perceived as a kind of grubby, morally 
ambiguous line to walk - especially distaste- 
ful for many straight-laced, prissy, Free Soft- 
ware prudes who work within the aseptic 
realm of pure code. 

When we write, we use hyperbole and 
metaphor, we often sacrifice details for the 
sake of simplicity, we fret about catchy 
headlines and pretty graphics, and we often 
wallow for hours - nay, days - in the social 
sludge, wading through the streams of 
(*gasp*) Facebook and Twitter, trying to 
milk retweets, likes, shares, and the Holy 
Grail of blog page views out of our followers. 

We don’t do it because of our egos. We do 
it because Free Software developers suck at 
communicating with the outer world. When 
you only have developers on your team, I 
can guarantee your communication strategy 
is totally screwed. Pair this with a puritanical 
view of blogs and social media, and you 
have a recipe for disaster. 

Take the GPG debacle. Here’s a project 
that powers something like 90% of the pri- 
vacy and signing frameworks in Open 
Source programs. It has been a cornerstone 
of security and open systems for years. But 


Dear Ubuntu User Reader, 


in late 2014, it was about to sink and disap- 
pear, underfunded and understaffed. Their 
funding campaign was failing miserably, 
and they hadn’t reached even a quarter of 
what they needed to even keep the lights on. 

And that’s because their marketing cam- 
paign sucked. Beyond the few people who 
personally knew the developers, the mes- 
sage wasn’t getting out. I wrote about it in 
late December, when things were still really 
bad. Unfortunately, OCSmag.com, the blog I 
was writing for, hadn’t taken off yet, and my 
piece didn’t help much, only garnering 
about 100 reads. 

But then, in February, Julia Angwin pub- 
lished an article about the project's dire fi- 
nancial situation in ProPublica, someone 
posted it to Reddit, and the whole thing ex- 
ploded. 

In less than 24 hours, they had breezed 
past their target figure and had secured 
funding for life from companies such as 
Stripe and (*gasp*) Facebook. The feel- 
good, rags-to-economic sustainability 
story also went viral, and this time my 
piece on the subject, the one I wrote to re- 
port on GPG’s success, was read over 
3,000 times in 24 hours. This, in turn, 
brought more attention and more dona- 
tions to the project. 

The thing is, the person who posted the 
news to Reddit and saved GPG was not re- 
lated to the project in any way beyond being 
a user of the software. He was just some 
third-party random dude who happened to 
read Angwin’s piece. In retrospect, I see 
now it should’ve been me, or Rikki, or 
Bryan, or Steven, but at least yours truly 
learned the lesson. Or in this case, two les- 
sons. 

Lesson number 1 is that you cannot rely 
on the projects themselves to do their own 
promotion, even if their survival is at stake. 
Coders are in the Free Software business for 
the coding and that’s it. If we are to judge by 
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their “design,” even many a project website 
would seem like an afterthought. 

Lesson number 2 is that autopromotion is 
seen as tacky, and many Free Software de- 
velopers prefer not to get into social media 
or icky, troll-ridden news aggregators at all. 

That’s where we, the FLOSS writers-cum- 
horn-tooters, come in. I’ll write an aggran- 
dizing headline, I'll wade into the rapids of 
mainstream social media, and I'll get a thrill 
out of doing so. 

I'll do you one better: I’ll post to non- 
FLOSS forums too, I’ll send the news to gen- 
eral gamer subreddits, who are more into 
Battlefield than Battle for Wesnoth, or to de- 
signer forums were Photoshop rules su- 
preme and nobody has even heard of GIMP. 
You don’t get the word out there by preach- 
ing to the choir. Telling your friends and 
posting on the project mailing list is less ef- 
fective than you think. If you really want to 
expand your user base, if you really want 
new users, you have to go where you don’t 
have any users. 

That requires something different from a 
changelog update. It'll probably require me 
to use some hyperbole and a couple of met- 
aphors. I might need to sacrifice some de- 
tails for the sake of simplicity. I'll have to 
build a catchy/click-baity headline and add 
some garish graphics. If your morals don’t 
allow you to do that yourself, I insist, leave it 
up to me. Just please think twice before giv- 
ing me crap when the headline and the post 
are not exactly as you would have written 
them. 

If they were, we'd have solved nothing. 


av 


Paul C. Brown, 


Editor in Chief 
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Optimizing your Network 

In an age of perpetually interconnected devices, keeping 

your network and its services safe and running smoothly is a 
high priority whether you're an admin or an end-user. 


Anonymous Surfing 

Users who need anonymity while 
surfing the web should consider 
the Tor browser suite. 


Weak Points in your Intranet 

Finding weak points and problematic configurations in 
an intranet typically takes a lot effort. Thanks to careful 
integration into Kali Linux, the OpenVAS and Nmap tools 
can be genuinely helpful. 


Performance Tuning for Web Servers 

The continued rapid growth of the Internet is placing ever- 
increasing demands on web servers. Does the venerable 
Apache HTTP server have what it takes to keep up? 


Web Page Load Time 


Web page loading time relies on a complex interplay 
among the web server, the web page, and the web browser. 
Learning a few tricks can help speed up load times for the 
pages you create. 
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Kubuntu. 

Linux Mint 17.2 

e Cinnamon 2.6 

e Full UEFI support 
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03 Editorial 
The Near Impossible Very Difficult Task of Free 
Software Techno-journo-marketing 
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On THE DVD 


Linux Mint 17.2 + Kubuntu 15.04 
Get the latest versions Linux Mint and 


e Compatible with Ubuntu 15.04 


KDE Plasma 5.9.0 
e Kontact life organizer 
e KDE instant messaging 


Networks 
* 
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KNOW How 


i 
I 


Run your own Scripts 

Many Linux beginners stumble over the fact that you need 
to precede any calls to your own scripts or programs with a 
./ combination. What's up with these dot-slashes? 


Game Development Environments 

GDevelop, Godot, and jMonkeyEngine simplify game 
programming with libraries, game engines, and developer 
tools. Both beginners and advanced programmers can 
create nifty games with minimal effort. 


iPython Notebook 


The iPython Notebook environment offers much more 
than just the interactive execution of Python instructions. 


iPython Notebook lets you seamlessly integrate documents, 


programs, and tools. 


System V vs Systemd 
init and systemd both start, 
monitor, and shut down 

s on Linux, but they 
erwise completely 
different bea 


Differences in PDF Documents 


If you don’t have the right tools, comparing PDF documents 
for differences can be very cumbersome. We discuss five 
nifty tools that can help with this task. 


Discovery GUIDE 


If you are new to Ubuntu, these tutorials will help you get started. 


80 Installing Ubuntu 15.04 89 Multimedia 
We'll walk you through upgrading or 


installing the latest Ubuntu release. 

84 Network and Updates 
Use the NetworkManager to access your 
WiFi and download updates. 


86 Package Management 
Ubuntu's Software Center lets you install 
just about anything. 
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DESKTOP EP te 


I 


You can configure your Ubuntu system 
to support movies, music, and Internet 
telephony. We present some favorite 
multimedia apps. 


93 Virtual Windows on Linux 
We show you how to use VirtualBox to set 
up a Windows XP virtual machine on your 
existing Linux system. 


Publishing Books 

In the past, publishing a book meant sending it to a 
publishing house. With Amazon's CreateSpace and Kindle 
Direct Publishing, you can now publish on your own. This 
article will guide you through the process. 


New Ardour 4 


Safe Thumbdrives 

USB sticks and external hard drives can easily be lost 

or stolen. You should therefore protect these storage 
media against loss and misuse. USBCryptFormat lets you 
safeguard your data without much effort. 


Vivaldi Web Browser 


Opera changed course with version 15, giving up its status 
as independent software and dropping many of its features. 
Vivaldi seeks to offer a new home to fans of the old Opera. 


Xfce 4.12 

Xfce 4.12 has been under development for almost three 
years and is now ready to take over from Xfce 4.10. We 
look at improvements in version 4.12 and what the long 
release cycles mean for users. 
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Reseller.PlusServer stands for excellence in premium hosting: 


= Data centers in the United States and Europe 
= Redundant high-speed network 

= High-performance hardware 

= 24/7 premium support service 

= White-label ResellerPanel 

= Up to 30% discounts 


Hy kt 


Ultra-modern 
data centers 
i Ņ in Europe and 

United States! 


~*cesellendlussenjs” 


is 
ai 


We offer the highest standard of hosting to you, so We offer everything you will need to start your 

that you can provide your customers with nothing own hosting brand - a control panel for each 

short of the best products on the market. of your customers with lots of useful functions, 

Our expert development, technical support, sales the possibility to create your own design for the 
and customer service teams are at your disposal customer panel and to determine what features you 
around the clock giving you the ability to be on top want to offer them, and to make all sorts of other 
of the competition. customizations. 


Find out more: reselenolusseryer 
reseller.plusserver.com PREMIUM HOSTING SOLUTIONS 


Linux Mint 17.2 + Kubuntu 15.04 


ON THE DV 


Jawe cd 


This month, on our double-sided disc, we have the latest ver- 
sion of the most popular Ubuntu derivative, Linux Mint 17.2 Ra- 
faela, and the newest version of Kubuntu, 15.04 “Vivid Vervet.” 


On side A, you'll find the 64-bit version of Linux Mint, code- 
named Rafaela, complete with the Cinnamon desktop and all 
the software available in the Ubuntu repositories, 
sist 
acted Side B comes with the 64-bit version of Kubuntu 15.04, a full- 
tarten Ime Monero uad Sed pA : i > 
L Mevnda iata woc wortoonevt:7, 149.08 cim) fledged Ubuntu optimized with the innovative KDE Plasma 5 


Neen i ATEA desktop environment. 
E moo 19a 
Monis M mam G sop ina mawa Linux Mint 17.2 


+ Cinnamon 2.6 

+ Full UEFI support 

+ Improved Nvidia Geforce drivers 

* Fully compatible with Ubuntu 15.04 repositories 

+ LibreOffice 4.4.3 

Kubuntu 15.04 

* KDE Plasma 5.9.0 

* Powerful Plasma desktop 

+ Kontact life organizer (email, calendar, notes...) 

+ KDE IM for Skype, Facebook chat, Google Talk, etc. 


+ Muon package and update manager 


Douste-Sipeo DVD 


This DVD is a double-sided Live disc. 
You can try out the operating systems 
on the disc without installing anything 
on your computer. You can later install 
Mint or Kubuntu from the Live desk- 
top. 

This DVD has a label on side A of the 
disc, so if you want to run Linux Mint, 
the side with the label should be fac- 
ing up in the tray. If you want to use 
Kubuntu, you should insert the DVD in 
the tray with the label side facing 
ADDITIONAL RESOURCES down. 

[1] Linux Mint: Attp:/www.linuxmint.com/ 

[2] Kubuntu: http:/www.kubuntu.org/ 
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In an age of perpetually interconnected devices, keeping your network and its services safe and 
running smoothly is a high priority whether you're an admin or an end-user. 


Optimizing, securing, and tuning your network 


NETWORK NINJA 


BY PAUL C. BROWN 


n the bad old days, a computer 
was a Standalone thing. If you 
needed to get something onto the 
hard disk, you typed it in your- 
self, or you copied it from a floppy 
disk. Today the frontier between 
your computer and your internal 
network - and between your net- 
work and the Internet - has blurred 
so much that some computers can’t 
even work without a connection 
to the outside world. 
Behind many of the ser- 
vices you access online or 
on your local network is 
the venerable Apache 
web server. Apache 
has been around for 
two decades now, 
and for most of that 
time, it has been 
(and still is) the 
backbone of the 
Internet. De- 
spite many 
cool alterna- 
tives, 
Apache 
is still 
the 
most 
used 
server 
out on the 
web, by a 
large margin. 
Apache is also 
as the backend 
‘intranet ser- 
h -based ERP you use in 
your office, the Linux-based multi- 


media server you enjoy at home, and 
the web interface you manage your 
database with probably all use 
Apache. It makes sense, then, to 
learn how to configure Apache to 
make it as efficient as possible. 

We’ll show you how to make 
Apache as lean, mean, and secure as 
its competitors by disabling 


unnecessary modules, 
tweaking DNS lookups, and 
monitoring performance. However, 
ensuring good website performance 
requires more than just tweaking 
your web server. A good web design 
can also help. We’ll describe some 
simple tips for keeping your pages 
light. You’ll learn how to optimize 
your templates for a faster genera- 
tion of dynamic pages, how to pass 
validation tests for your markup and 
CSS, and how to clean up your code 
to ensure your pages render as fast 
as possible. 

Bottlenecks and vulnerabilities 
don’t all happen at the website level. 
Many occur elsewhere on your net- 
work. We will show you how to give 
individual systems and complete 
networks the once over and check 
for weak points using Kali, a live 
distribution designed for testing and 
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securing networks. Kali Linux makes 
it easy to check your network, even 
for the inexperienced user, by 
providing a set of 
straightfor- 
ward tools 
that are sim- 
ple to config- 
ure and de- 
ploy. 

But what 
happens 
when 


you're 
on the 
other 
side - 
browsing, rather than 
posting your own content? If 
you want to surf the Internet anony- 
mously and preserve your privacy, 
you need to consider the Tor net- 
work. The Tor browser package of- 
fers a simple solution that is ready 
to go and easy to configure right 
after the download. We’ll show you 
how to start surfing anonymously 
with Tor. 

Always remember that keeping 
your network secure and running 
smoothly is not something you can 
do by yourself - everyone on your 
network has to play a part. One 
weak link can make the whole net- 
work suffer and put everybody at 
risk. Read on to learn how you can 
keep the dangers of the intercon- 
nected world at bay. e 
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FEATURES OPTIMIZING WEB PAGES 


Web page loading time relies on a complex interplay among the web server, the web page, and the 
web browser. Learning a few tricks can help speed up load times for the pages you create. 


Minimizing load time for web pages 


OPTIMIZED 


BY FRANK HOFMANN, GEROLD RUPPRECHT 


eb page optimization 
can be approached from 
two sides: the user and 
the editor. Users can im- 
prove loading times by optimizing 
the configuration of a web browser 
and removing unwanted content 
with the help of various browser ex- 
tensions. 
In this article, however, we will 
focus on the editor side. We will be 
looking at issues that can assist 


you in preparing and displaying the 
contents of your web pages. 

As an editor, you are responsible 
for the content of web pages. In 
addition to creating the individual 
elements of the web presence like 
text, tables, and images, editing 
tasks frequently include web page 
design. 

This involves format templates in 
the form of cascading style sheets 
(CSS) [1] and also active content 
produced with JavaScript, such as 
the popular components Ajax, 
jQuery, and JSON. You can tame 
these technologies with the help of 
various tools for validating con- 
tent. 


READABILITY 

Formulating content that is as easy 
to read as possible may sound like 
a totally obvious concept. Even so, 
authors frequently devote only 
passing attention to readability. 
Ideas and the text that originates 
from them need to be expressed 


WEB PAGE GENERATORS 


+ Is the font correct? Whenever possi- 
ble, you should use Unicode. 

+ Does every page of the web pres- 
ence have a suitable and informative 
title? 

* Does each page in the heading sec- 
tion have key words that match the 
page content? 

+ Does the web server deliver an 
HTML document that is completely 
valid? 
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clearly so that, for example, auto- 
mated translations are successful, 
thereby allowing you to reach read- 
ers from all over the world. 

The back translation of an auto- 
matically generated translation is a 
good indicator of the international 
attractiveness of a web page (Fig- 
ure 1). You can use the translation 
services from Google [2] or Yandex 
(in Russian) [3] to that end. If you 
cannot easily recreate the meaning 
of the text after the second transla- 
tion, then you should think about 
using less complicated grammar 
and simpler sentence structures. 
This approach gives quick and im- 
proved results and noticeably in- 
creases success. 


GENERATORS 
Whether you create web pages au- 
tomatically or on the basis of a 
template, you should take care to 
follow the suggestions in the “Web 
Page Generators” box. Following 
these suggestions might look like a 
lot of work, but the end effect will 
be that things will run faster on a 
variety of levels. 

Web browsers process valid data 
significantly faster because there is 


Listing 1: Usine CSSTipy 


$ csstidy style.css 


Selectors: 24 | Properties: 100 

Input size: 2.922KiB Output size: 2.134KiB 
Compression ratio: 26.97% 

body I 

background: #FFF; 

color:#000; 

font-size:medium; 

1 


img { 

border:none; 

} 

CANT 

3: Optimised color: Changed "white" to 
"#FFF” 

4: Optimised color: Changed "black" to 
"#000" 

20: Optimised color: Changed "#000000" to 
"#000" 

38: Optimised color: Changed "white" to 
"PFFF" 

46: Optimised color: Changed “white” to 
"PREF" 

47: Optimised font-weight: Changed "normal" 
to 7400" 


Google 
Translate 


Spanish German English Detect language ~ N 


Si puedes mantener la cabeza cuando todo sobre * 
usted 

Están perdiendo la suya y te culpan por ello, 

Si puedes confiar en ti mismo cuando todos dudan 
de ti, 

Pero tomas en cuenta sus dudas; 

Si puedes esperar y no cansarte de la espera, 

O siendo engañado, no pagar con mentiras, 


9m- 


Tum oft instant translation 


About Google Translate 


Mobile 


E o | 


If you can keep your head when all about you 
They are losing theirs and blaming it on you, 

If you can trust yourself when all men doubt you, 
But you take into account their concems; 

if you can wait and not be tired by waiting, 

Or being lied about, do not deal in lies, 

Or being hated, do not give way to hating, 

And yet do not look too good, nor talk too wise: 


ca) A wonn 


Community Privacy&Tems Help Send feedback 


Figure 1: “If” by Rudyard Kipling is still easy to understand after an automatic translation into 


Spanish and than back into English. 


no post-processing on the part of 
the rendering engine. 

Additionally, search engine 
crawlers will select the content and 
the page titles together with the 
corresponding key words, thereby 
figuring out how to make sense of 
your web page. 

Web page identification and rele- 
vance of a web page to search re- 
quests depend in part on how the 
questions listed above are re- 
solved. If done properly, the search 
engine will be able to categorize 
your web page more precisely ac- 
cording to its own criteria, and the 
page can later be found again via 
the index of the search engine. 

This increases the hit rate and 
the number of visitors, which in 
turn has an effect on the impact 
and relevance of the web presence. 
Content and advertisements don’t 


LISTING 2: PREFETCH AND PRERENDER 


<link rel="prefetch" href="http://www. 
meineurl.de"> 

<link rel="prerender” href="http://www. 
andereseite.de"> 


LISTING 3: IDENTIFYING USER'S 
DEVICE 


if(strpos($_SERVER[ HTTP_USER_AGENT], 
"iPhone")) 
{ 

// Instructions for a visitor with an 
iPhone 
} 
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count for much unless the page 
also has visitors. 


AUTOMATIC 

Documents composed in a markup 
language such as XML, LaTeX, 
WML, Markdown, or AsciiDoc pro- 
vide the starting point for a web 
page. The HTML code created from 
these languages should be checked 
for accuracy after export. This step 
is usually done as part of optimiza- 
tion when trimming and simplifying 
the HTML output [4] and the CSS 
files [5]. 

A variety of tools and formats are 
available for exporting HTML, in- 
cluding Pandoc [6] and AsciiDoc 
[7], which use a formulation similar 
to wikis, DocBook [8], as an inter- 
mediate step, and also directly via 
Docbook2html. 

If your documents are based on 
LaTeX, then you are probably al- 
ready familiar with the classic La- 
TeX2HTML [9]. Because this lan- 
guage has not been developed since 
2001, it makes sense to take a look 
at its successors TeX to HTML trans- 
lator (TtH) [10], HyperLaTeX [11], 
PlasTeX [12], and tex4ht [13]. 

If you are using XML, then Saxon 
[14] and Htc-py [15] are helpful. An 
XHTML document is by definition 
also an XML document. If correctly 
exported, there are no problems for 
either an XML parser or most 
browsers. However, Internet Ex- 
plorer has trouble handling XHTML 
documents, so it would be better to 
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</ul> 


<p>. Acceptable nesting is- <p> <em> <em> p> 


<li>; <ai> requires <d and <dt>), and soon. 


URLs as described by the WDG In “Ampersand In URLs". 


disappear when the eriginal problem ts fced. 


ne 276 


dation Service. 


use HTMLS. If you need XHTMLS 
because of SVG or MathML, for ex- 
ample, then it’s best to develop 
polyglot documents [16]. 


VALIDATING 

Even though documents are gener- 
ated automatically, this does not 
ensure that documents created dur- 
ing each export will comply with 
all of the conventions of the HTML 
standard. 

You should always monitor the 
output and include HTML, CSS, and 
JavaScript. The result will be that 
you reduce errors in the display for 
which HTML and CSS are responsi- 
ble, and in the execution when 
JavaScript, Ajax, jQuery, and JSON 
come into play. 

Furthermore, a user’s web 
browser will have an easier time 
correctly interpreting and display- 
ing data it receives. As a side bene- 
fit, the network load gets reduced 
because fewer requests and data 
packets need to be sent back and 
forth between the web server and 
the browser. 

The W3C Markup Validation Ser- 
vice [17] is the reference for vali- 
dating HTML code. The service pro- 
vides a reliable report for entire 


© Line 202, Column 29: end tag for “ul” which is not finished 


Figure 2: These are results for the validation of an existing web page from the W3C Markup Vali- 


Most kely, you nested tags and closed them in the wrong order. For example <p><em>...</po is not acceptable, as <em> must be cloved before 


‘Another possiblity t that you used an element which requires a chi element that you dd not include. Hence the parent element Is “not finished", not 
‘complete. For instance, in HTML the <head> element must contain a cttle> chid element, ists require appropriate Ist tems (<ul> and <el> require 


AÀ Line 276, Column 162: cannot generate system Identifier for general entity "utm_medium” 

ines /obuntu-user,htnl 2utm_sourcesUUUKS ui tm_sediussLinksuta_canpaign=SHOP” targe- 
An entity reference was found in the document, but there is no reference by that name defined. Otten this is caused by misspelling the reference 
name, unencoded ampersands, or by leaving off the tralling semicolon (). The most common cause of this error is unencoded ampersands in 


Entity references start with an ampersand (2) and end with a semicolon £}. if you want to use a lteral ampersand in your document you must encode 
R as “tamp” (even meide LALE). Be careful to end entity references with a semicclon or your entty reference may got interpreted in cornecticn with 
the folowing text. Also keep in mind that named entity references are case-sensitive: Aelig: ard Sael: are diferent characters. 


I this error appears in some markup generated by PHP's session handling code, thie article has explanations and solutions to your problem. 
[Note that in most documents, errors related to entity references will tigger up lo $ separate messages from the Validator. Usually those will all 


websites or just individual HTML 
files. Files get uploaded via a form, 
and it’s easy to figure out from the 
report where cleanup and improve- 
ment are needed (Figure 2). 

The XML Schema validator [18], 
which is included in the service, is 
fastidious but it specializes in the 
XHTML dialect. The Firefox plugin 
validator [19] and HTML validator 
[20] can also provide helpful assis- 
tance. They display the results of 
the test as a separate window. 
These results are based on a 
method established by the W3C in 
combination with the tools Tidy 
[21], Tidy for HTMLS [22] and 
OpensP [23]. 

Check accuracy for JavaScript 
code is more difficult. In practice, 
JSLint [24] and JSHint [25] have 
proven helpful. Both tools can be 
used via a text field that is pro- 
vided on the web page for each 
project. 

After entering the JavaScript code 
into the field, you will immediately 
get an evaluation of the complexity 
of the program code and also a list 
of the errors that have been discov- 
ered. Offline tests include Acorn.js 
[26] and ESLint [27] in addition to 
JSHint. 


LISTING 4: REFERENCING FORMAT TEMPLATES 


You can use the npm package 
manager from Node.js for installing 
both of these command-line tools. 
In this way, you keep installation of 
these components separate from 
the package management of the dis- 
tributions. 


Vauipatinc CSS 

It is easy to forget to check format- 
ting guides in the form of CSS. 
However, detecting errors in these 
files is quick and easy with CSS- 
Tidy [28]. 

CSSTidy not only validates CSS 
code, it also analyzes and opti- 
mizes key terms in the code. The 
program uses RGB notation to 
translate things like colors from 
word form to the corresponding 
color code; for example, the word 
“white” is translated to #FFF. 

Moreover, CSSTidy removes su- 
perfluous spaces, semicolons, and 
redundant assignments. The out- 
put shown in Listing 1 illustrates 
this with a sample invocation. Al- 
together, CSStidy reduces the size 
of the example by more than 25 
percent. 


COMBINATION 

Many websites distribute the for- 
mat templates into different files, 
putting them back together later. 
As far as possible, you should col- 
lect these different files into one 
single file so that the browser need 
not open a new connection for each 
additional CSS file. 

Be careful to reference the format 
templates in the heading section of 
the HTML file, because modern 
browsers try to load referenced files 
in parallel. The cache for the web 
browser takes on the role of buffer- 
ing external files. The browser will 
only reload the files from the origi- 
nal source via an explicit reload. 

You should also check whether 
the content of the web page be- 
comes accessible to the reader even 


<link href="iphone.css" rel="stylesheet" type="text/css" media="only screen and (min-width: Opx) and (max-width: 320px)"> 


<link href="ipad.css" rel="stylesheet” type="text/css" media="only screen and (min-width: 321px) and (max-width: 768px)"> 


<link href=*style.css* rel="stylesheet” type="text/css" media="only screen and (min-width: 769px)"> 
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without a format template. It is 
possible that many readers will use 
the text browser you offer, but oth- 
ers may have deactivated CSS in 
their web browser or the format 
template may have gotten lost dur- 
ing transmission. You should like- 
wise be careful that the web crawl- 
ers for the search engines are only 
interested in the contents of the 
web page and that CSS itself at- 
tracts little attention. 


OPTIMIZED 

As stated previously, a complex 
process exists behind the represen- 
tation of a website on your monitor. 
Part of this complexity is because 
of the display of illustrations in the 
text flow. 

If the rendering engine of the 
browser already knows the image 
size, it can reserve an appropriate 
space and add the image data, 
which loads more slowly, into the 
correct spot in the layout after the 
transfer is complete. 

The images need alternate text 
(ALT attribute) and correct size 
specifications in the IMG tag so that 
they load with the least amount of 
computing cost and time. During 
the data transfer, the web browser 
will show the alternate text in the 
placeholder. Visually disabled per- 
sons, as well as search engines, can 
profit from good descriptions of the 
images. Image scaling turns out to 
be a disadvantage in this step. 

It does not make sense to move a 
large image together with the ac- 
companying data volume over the 
connection only to have the render- 
ing engine turn it into a smaller 
size that fits. 

The image size also influences 
the processing in the browser 
cache. Sizes that are powers of 2 
have an advantage (e.g., 8, 16, 32, 
64, 128, 256, 512, and 1024 pixels). 
The cache internal processing and 
the page alignment work at their 


LISTING 5: HTMLCLEAN OUTPUT 


$ htmiclean -v *.htm 


2317 1999 13% impressum. html 
3669 3276 10% index.html 
15361 13823 10% neuigkeiten.html 


detauit 
default 
defaut 
detauk 


network predictor.redirect-thely-confidence 
dwork predictor subresource-degradation day 

network predictor.subresource-degradation.max 
twork predictor subresource-degradation.month 


pretwork.predictor.subresource-dagradation. week defaut 
etnork.predictor.subresource-degradation.year default 
twork prefetch-next default 

eea rae user set 


default 
defaut 
defaut 
default 


jetwork protocolhandler.expose-all 
network.protocol-handler.expose,traiito 
jetwork.protocol-handlenexpose.nows 
jnetwork protocol-handler.expose.nntp 
Inetwork.protocol-handlerexpose.snews 
network. protocol-handler.external-default, 
jnetwork-protocol-handler.external.afp 
network protocol-handlerexternal.data, 
twork protocol-handler.external. disk 


default 
default 
defaut 
default 
defaut 
default 
defaut 


hetwork-protocol-handler.external.disks. 
lhetwork.protocol-handler.extemnal.hcp 


Jretwork.protecol-handler.external.ie default 


Ty value a 
integer 75 
integer 1 
integer 100 
integer 25 
integer 10 
integer 30 
boolean = true 
string kmail 
boolean true 
boolean fake 
boolean false 
boolean false 
boolean false 
boolean true 
boolean false 
boolean fase 
boolean false 
boolean false 


boolean 
boolean 


Figure 3: Prefetching, which is the automatic loading of content before it actually gets called, can 
be turned off in Firefox via the internal settings. 


most efficient when dealing with 
these multiples. 


LOADED LATER 

HTMLS includes functions that al- 
ready load the content before a vis- 
itor to the web page explicitly calls 
it. For example, this technique is 
used for teaser text that points to 
additional content, such as a com- 
plete article. News portals favor 
this function on the title page. 
Many content management systems 
come with this type of function al- 
ready integrated. 

From a technical point of view, 
this content is referred to as “load- 
able later.” HTMLS provides the 
link attributes prefetch and preren- 
der [29] for this purpose. The first 
of these attributes only loads the 
referenced resources. The second 
attribute additionally prepares the 
entire page in the background. List- 
ing 2 shows two links specified ac- 
cordingly as an example. 

As soon as the user calls the cor- 
responding link, the web browser 
loads a page in the background and 
displays it with no further load and 
computing time. This approach re- 
duces load times and better utilizes 
the network bandwidth. However, 
it also causes additional network 
load and generates entries in the 
browser cache even for pages you 
have not actually visited. 

The entire process only functions 
if the corresponding option has 
been activated in the web browser. 
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Firefox comes with prefetch in its 
standard configuration. 

If needed, you can monitor the 
corresponding setting in the net- 
work.prefetch-next key under 
about:config (Figure 3). Firefox 
does not offer an option for con- 
trolling the function via the config- 
uration dialog. 


CLEAN CODE 

When you use dynamic content cre- 
ated with JavaScript, PHP, Perl, or 
Python, you should use the most ef- 
fective programming language that 
is available for the web page. And, 
if possible, you should always use 
the most up-to-date version. 

Remember to take the usual prin- 
ciples of good programming into ac- 
count, including readability, docu- 
mentation, and modularity of the 
components. Using templates re- 
duces the number of errors and 
makes it possible to have a unified 
site that is easier to maintain. 

The complex browser differences 
of the past were cause for lots of 
extra work and lots of gray hair. 
Today, however, the developer has to 
keep all of the possible output de- 
vices in mind. 

The reader with a smartphone has 
different requirements for the web 
page than a PC user. You can iden- 
tify the device being used with a lit- 
tle PHP code snippet like the one 
shown in Listing 3 and then you can 
send back a specific format tem- 
plate. If you are using several differ- 
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TIMI; 


ent format templates, then they 
should all be referenced in HTML5 
similarly to Listing 4. 

A few stumbling blocks can trip 
you up when information about size 
is used in format templates. To make 
the various output devices scalable, 
you should always use the em [30] 
specification. This unit has a long 
history in typography and is used to 
measure the horizontal width and 
the number of letters. In CSS, it will 
define the number of pixels and let 
you measure width and height even 
though only the proportions of the 
web page elements are of interest. 

If you have not specified the size 
of the contents on the web page by 
means of the BODY tag, then the set- 
tings of the user will apply. This also 
applies to the specifications of font 
type and size. You can always enter 
a generic font like sans or sans-serif 
as a fallback solution. If the re- 
quested font is not found in the visi- 
tor’s system, then the browser will 
at least load a usable alternative. 


Compact CODE 

Although the shape of the HTML 
source text may be quite important 
to you as a web developer or an edi- 
tor, the web browser ultimately pays 
no attention. It will ignore spaces, 
indentations, and line breaks. Thus, 
it makes sense to set up a compact 
and cleaned up version of the web 
page on the web server. This signifi- 
cantly decreases the data volume to 
be transferred and the preparation 
time of the web page. 

Many tools can be used for the 
cleanup process, primarily as part of 
the HTML Tidy project described 
above. Examples include the Java- 
based JTidy [31], the Perl version 
PTidy [32] and the Python interface 
for TidyLib [33]. 

Via the libhtml-clean-perl package, 
users of Debian based distributions 
enjoy access to the workings of the 
htmlclean program, which assumes 
this task with appealing output 
(Listing 5). 

In order of appearance, the col- 
umns in the output include the origi- 
nal size of the file, the size of the 
compressed version, the degree of 
reduction, and the file name. Addi- 
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tionally, htmlclean creates an ar- 
chive file with the extension .bak so 
that the original file remains intact. 

To avoid having to constantly com- 
press files manually, you can use the 
mod_tidy [34] module for the 
Apache web server. 


CONCLUSION AND OUTLOOK 

This article discussed some of the 
tools available to help you optimize 
your web pages. It also provided in- 
formation on how to use these tools 
to formally check the correctness of 
your web page content and optimize 
it for rendering. For further informa- 
tion on this topic, you can refer to a 


INFO 


Firefox lecture given by Frank Rich- 
ter at Chemnitzer Linux Day 2010 
[35], which provides details about 
various extensions along with con- 
crete examples. Additionally, the 
caching tutorial by Brian D. Davison 
[36] explains how to optimize the 
organization of data at the meta 
level. ə 
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Users who want to surf the Internet anonymously need to consider the Tor network. The Tor 
browser package offers a simple solution for protecting your personal privacy. 


Anonymous surfing on the Internet 


PRIVACY FIRST 


BY ERIK BARWALDT 


he Internet is a veritable cornucopia 

for data collectors of all kinds. Se- 

cret service agencies, marketing 

agencies, and criminals are lying in 
wait to gather up and abuse the personal 
data of unsuspecting surfers. In many 
cases, it is the browser, or the add-ons used 
by the browser, that provide access by data 
spies who, through the application of so- 
phisticated website programming tech- 
niques, invade and diminish the personal 
privacy of others. 

The standard settings for the typical web 
browser without protective extensions 
leave the user wide open to real risks. Surf- 
ing habits can be captured and identified. 
The user is vulnerable to malware attacks. 
Manually harden the software thus makes 
sense, but this process requires experience 


with techniques for guarding against cyber- 
attacks. The Tor browser offers a much 
simpler solution for users wanting to block 
snooping and overzealous data collection. 


How It Works 

The Tor bundle combines several reliable 
technologies from open source software, 
thereby achieving a very high level of secu- 
rity. The Tor network and the Firefox web 
browser function as the central compo- 
nents of the bundle. The Tor team has en- 
tiched Firefox with several preconfigured 
add-ons and then configured the browser 
so that it searches for access to the Internet 
exclusively via onion routing. You could 
manually install both components but that 
would take a lot of configuration work. 
Therefore, the Tor browser package is ide- 
ally suited for the security-minded user 
lacking subject matter expertise in cyberse- 
curity and data privacy. 

The Tor concept had been developed by 
the year 2000. In 2002, a pre-alpha version 
of the Tor project was introduced to the 
public, allowing users to anonymize their 
connectivity data for the Internet. The Tor 
project is suitable for secure browsing but 
also for IRC, email, and messaging ser- 
vices. The software operates on the onion 
principle. The data traffic of the Tor client 
is directed to a so-called entry guard, 
which is the entry node. This node trans- 
mits the traffic to another Tor node, a so- 
called relay node, that then sends the infor- 
mation on to an exit node, which serves as 
a doorway to the regular Internet. 

The advantage of this approach is that 
none of the nodes knows all of the infor- 
mation about a particular connection. For 
example, the entry guard knows where the 
request originates, but not to whom it is 
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addressed. This information is only known 
by the exit node, which in turn does not 
know where the request originates (see 
Figure 1). The so-called mixed cascade 
changes its route every 10 minutes so that 
the packets run continuously via new 
nodes. It is not known beforehand which 
nodes these will be; therefore it becomes 
extremely difficult to attack and reveal the 
connection. 

Tor, however, encrypts data only during 
traversal of its relay nodes. If you use the 
unencrypted HTTP protocol, then the in- 
formation transmitted outside of the Tor 
network will remain visible. This means 
that an attacker could capture passwords 
that might be transmitted. 


THE Tor BROWSER 

The bundle from the preconfigured Tor 
client and the modified Firefox browser 
is available in various languages [1]. 
After downloading the version suitable 
to your architecture, you can unpack the 
archive with 


tar -xvf 2 


tor-browser-linuxVersion.tar.xz 


in the terminal. Then, move the newly 
created tor-browser_de directory into a 
folder such as /opt and switch to 
tor-browser_en-US/Browser. 

Enter ./start-tor-browser to begin set- 
ting up the software. Using its graphical 
user interface, the tool will first ask how 
you would like to make contact with the 
Tor network. A user with direct connec- 
tion to the Internet would probably se- 
lect a direct connection and click on the 
connect button. After accessing the net- 
work, the modified browser based on 
Firefox version 31.6.0 ESR will start. In 
the upper portion of the screen, you will 
find menu options for the browser secu- 
tity levels with a slider to set your prefer- 
ences (Figure 2). 

Setting the levels is important because 
completely blocking all of the web tech- 
niques currently in use means that much 
of the content available over the Inter- 
net, especially multimedia content, does 
not display correctly. Therefore, you 
should avoid pushing the slider to the 
maximum level of protection if you are a 
frequent visitor of sites with lots of opti- 
cal gimmicks or multimedia content. Ad- 
ditionally, you will find some settings for 
privacy above the slider. These are al- 


Entry Guards 


Tor-Client 


Relay Nodes 


Exit Nodes 


about a connection. 


ivacy and Security Settin 


Privacy Settings 


@& Disable browser plugins (such as Flash) 


Security Level 
High 


Medium-High NosaipE 


P 


Medium-Low 


disabled. 


Low (default) 


Custom Values 


Restore Defaults | 


© Don't record browsing history or website data (enables Private Browsing Mode) 


@ Restrict third party cookies and other tracking data 
© Change details that distinguish you from other Tor Browser users 


At this security level, the following changes 
apply (mouseover for details): 


HTMLS video and audio media become click-to-play via 


Some JavaScript performance optimizations are 
disabled, Scripts on some sites may run slower. 


Remote JAR files are blocked. 
Some mechanisms of displaying math equations are 


Figure 1: None of the three relay nodes of the onion routing system has complete information 


Figure 2: Security level preferences can be easily set with a slider. 


ready activated in order to prevent spy- 
ing by tracking services. 


MODIFICATION 

The onion symbol sits on the upper left 
in the browser next to the address bar. 
To the left of this symbol is the NoScript 
icon. As soon as you call up a web page 
and click on the small triangle next to 
the Tor icon, you will be able to see 
which route your data packets take. The 
route is shown next to the configuration 
menu and is displayed in the form of IP 
addresses for the Tor nodes used to 
transmit data as well as the location of 
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the servers. You will also see that Tor 
chooses a new route every time another 
page is called (Figure 3). 

Clicking on the icon for the NoScript 
add-on to the left of the Tor onion, and 
selecting the Options entry in the menu, 
opens a rather voluminous dialog con- 
taining the tools settings. The developers 
of the Tor bundle put a lot of careful 
preparation into NoScript so that the set- 
tings are not too restrictive for most 
websites. However, if a frequently called 
website doesn’t appear correctly because 
of a lack of rights, then you should enter 
the URL for the affected site in the op- 
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General whitelist Embeddings Appearance Notifications Advanced 


You can specify which web sites are allowed to execute scripts. Type the address or the domain 
(e.g. “http://www.site.com" or "site.com") of the site you want to allow and then click Allow. 


Import Export 


Reset Cancel (ators 


sites in a finely grained way. 


tions menu under positive list. The 
add-on for the site will then allow scripts 
to execute (Figure 4). 

You can prevent Microsoft Silverlight, 
Adobe Flash, Java, and other programs 
from loading with embedded objects. Re- 
member that overly restrictive settings 
will cause websites to run incorrectly. 
Therefore, the browser comes with this 
filter deactivated. The settings under ex- 
tended make it possible to fine-tune the 
behavior of the add-ons. For this, the tool 
makes a distinction between trustworthy 
and non-trustworthy sites and defines its 
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Figure 4: The NoScript add-on makes it possible to deal with the scripts embedded in the web- 


own rules by setting or removing check- 
marks for the corresponding options. 

Additionally, the HTTPS group lets you 
force or prevent encrypted connections for 
addresses that you can choose as you wish. 
But, because the developers of the Tor Bun- 
dle have already integrated the Firefox 
HTTPS Everywhere add-on, the browser 
already requests the encrypted version of 
all sites called. 

The developers have even modified the 
customary the configuration dialog for Fire- 
fox. As a result, the basic configuration of 
the browser does not create a browsing his- 


tory and it does not save passwords. You 
will find a data transmission function intro- 
duced and implemented in more recent 
versions of the Tor browser in the extension 
| data transmission tab. However, this is 
turned off. With this setting, the software 
does not send status reports to the Tor proj- 
ect. The preset update function in Firefox 
was modified so that only the search for 
updates in the extensions | update tab is 
activated. The updates themselves are not 
automatically installed. 


ADVERTISING AND TRACKING 
Commercial websites can be so cluttered 
with banners and animated content that 
the user loses sight of the actual content. 
Many sites also load so-called web pixels 
that often, unbeknownst to the user, track 
user surfing behavior to many other sites. 

Firefox offers two effective tools - in 
the form of the Adblock Plus and Ghos- 
tery add-ons - for dealing with these 
pests [2]. However, the Tor project has 
not yet integrated them into the bundle. It 
is a good idea to install these manually. 
You will find that the browser speeds up 
because unnecessary DNS queries disap- 
pear. It is also smart to add the filter sub- 
scription Social Media for Adblock Plus to 
prevent tracking by social media services 
like Facebook and Twitter. 


CONCLUSION 

The Tor browser bundle makes it possible 
to significantly increase the level of your 
privacy on the Internet. The developers 
have preconfigured the relevant settings 
very well so you won’t need to worry 
much about manual configuration. In my 
test, the browser exhibited performance 
similar to that of the standard Firefox ver- 
sion. The only flaw in the bundle is the 
lack of the Adblock Plus and Ghostery 
add-ons, but you can easily fix that with 
manual installation that requires just a 
few mouse clicks. e 
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[1] Downloading the Tor browser: 
https://www.torproject.org/ 
download/download-easy.htmI. 
en 

[2] Firefox Add-ons: https:/addons. 
mozilla.org 

[3] Adding a subscription: https:// 
adblockplus.org/en/features 
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helpful. 


Tracking down weak points in your intranet 


WEAKEST LINK 


BY ERIK BARWALDT 


he developers of Kali Linux [1] deliver a 

considerable number of tools for the 

task of identifying weak points in your 

network. Among these, Nmap [2] and 
OpenVAS [3] are the most important. 


Nmap 

Nmap provides basic information about the 
network, and it can check connected systems 
for weak points with scripts that are imple- 
mented by its scripting engine. The software 
comes with scripts for a wide variety of many 
well-known shortcomings. Entering the name 
of the script starts a test of the system. You will 


find these ready-to-use test routines in the sub- 
directory /usr/share/nmap/scripts/. More than a 
hundred such scripts are located here that are 
capable of checking the internals of all services 
imaginable. The basic command invocation is: 


$ nmap --script=Name Target-IP 


Nmap also includes Lua, a widely known, plat- 
form-independent programming language. This 
language gives even less experienced users a 
capability for writing new scripts. Because 
Nmap does not put the scripts into subfolders, 
you should take a look at the /usr/share/nmap/ 
scripts/script.db file. This file lists all of the tests 
in plain text that are integrated into Nmap and 
assigns the tests to categories. Examples of the 
headings for these categories include auth, 
broadcast, brute, discovery, dos, malware, and 
vuln (Figure 1). 

You will find one or more category assign- 
ments behind the name of each script. Some of 
the script names make it obvious which service 
or server the routine will test. The method for 


Heaps Up 

When running, Kali Linux reserves half 
the available working memory as a vir- 
tual hard drive. If this space is less than 
4GB, there will not be enough room for 
the OpenVAS download. This means 
the setup gets interrupted and the sys- 
tem, which has been filled to capacity, 
cannot be used until the next boot. 
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arranging and naming scripts also makes it pos- 
sible to manually select the application you 
want to test. Nmap accepts a placeholder when 
a script is called, which allows you to call all of 
the scripts relevant to a particular server with 
just one call. For example, to start all tests rele- 
vant to a Microsoft SQL database server, enter 
the following invocation at the prompt: 

$ nmap --script="ms-sql-*" Target-IP 
The routine then runs all scripts belonging to 
this service and outputs the results in a list view 
(Figure 2). If you want to look at more than one 
computer with all the scripts in a particular cate- 
gory, you enter the following command: 


-script=categoryl, 2 
Target IP 


$ nmap - 
category2,... 


Remember that the testing routines can precipi- 
tate a crash of the targeted system. This is espe- 
cially true for running a large number of tests. 
Therefore, you should schedule more burden- 
some tests when there is a reduced load on the 
network. Additionally, and to be on the safe 
side, you should make a backup of a target pro- 
duction system before beginning the tests. 


OPENVAS 

The Open Vulnerability Assessment System 
(OpenVAS) is among the most important of the 
tools that are used to find weak points in indi- 
vidual computer systems and complete net- 
works. The software offers around 35,000 rou- 
tines for analyzing vulnerabilities. A plugin inter- 
face makes it possible to permanently expand 
the tests, and a feed service keeps the system 
constantly up to date. OpenVAS consists of sev- 
eral components and typically requires more ef- 
fort to install and configure. Luckily, however, 
the version of the tool offered in Kali Linux is 
largely preconfigured. Consequently, any addi- 
tional configuration efforts should be minimal. 

All of the preconfigured OpenVAS routines 
are found in the startup program under Applica- 
tions | Kali Linux | Vulnerability analysis | Open- 
VAS. The first step is to set up the tool. This is 
done by entering the command openvas-setup 
on the console to start initialization. Alterna- 
tively, you can call up the menu option openvas 
initial setup, which will also start the tool. 

The comprehensive initialization takes sev- 
eral minutes even on powerful and up-to-date 
systems. Various downloads from the Internet 
will queue up during the process, for example, 
the most up-to-date versions of plugins. There- 
fore, OpenVAS is suitable for live use only under 
certain conditions. (See the “Heads Up” box.) 
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filename = "acarsd-info.nse", categories = { "discovery", "safe", } } 
filename = "address-info.nse", categories = { "default", "safe", } } 
filename = “afp-brute.nse”, categories = { "brute", "intrusive", } } 
filename = "afp-ls.nse", categories = { "discovery", “safe”, 
filename = “afp-path-vuln.nse", categories = { "exploit", "intrusive", 
p-serverinfo.nse", categories = { "default", “discovery”, 
p-showmount .nse", categories = { "discovery", "safe", } } 
p-auth.nse", categories = { "auth", "default", "safe", } } 
*, categories = { "brute", "intrusive", } } 
categories = { "discovery", "safe", } } 
| categories = { "default", "safe", } } 
‘ajp-request .nse", categories = { “discovery”, "safe", } } 
‘allseeingeye-info.nse", categories = { “discovery”, "safe", 
"discovery", “safe”, "version", } } 


"vuln", } } 
"safe", } } 


"version", } } 


‘amgp-info.nse", categories = { “default”, 


filename = “asn-query.nse", categories = { “discovery”, "external", "safe", } } 
filename = “auth-owners.nse", categories = { "default", "safe", } } 

filename = “auth-spoof.nse", categories = { "malware", "safe", } } 

filename = “backorifice-brute.nse”, categories = { "brute", "intrusive", } } 
filename = “backorifice-info.nse", categories = { "default", "discovery", "safe", } } 
filename = "banner.nse", categories = { “discovery", "safe", 

filename = "bitcoin-getaddr.nse", categories = { "discovery", "safe", } } 

filename = “bitcoin-info.nse", categories = { "discovery", "safe", } } 

filename = “bitcoinrpc-info.nse", categories = { "default", "discovery", "safe", } } 
filename = “bittorrent-discovery.nse", categories = { "discovery", “safe”, } } 
filename = “bjnp-discover.nse”, categories = { "discovery", "safe", } } 

filename = “broadcast -ataoe-discover.nse", categories = { "broadcast", “safe”, } } 
filename = "broadcast -avahi-dos.nse“, categories = { "broadcast", "dos", "intrusive", "vuln", } } 


{ filename = "broadcast -bjnp-discover.nse", categories = { "broadcast", 
try { filename = "broadcast -db2-discover.nse", categories = { "broadcast", “safe”, } } 

filename = "broadcast -dhcp-discover.nse", categories = { "broadcast", "safe", } } 

filename = "broadcast -dhcp6-discover.nse", categories = { "broadcast", "safe", } } 

filename = “broadcast -dns-service-discovery.nse", categories = { "broadcast", "safe", } } 
filename = “broadcast -dropbox-listener.nse", categories = { "broadcast", "safe", 

filename = “broadcast -eigrp-discovery.nse", categories = { "broadcast", “discovery”, "safa", } } 
filename = "broadcast -ignp-discovery.nse", categories = { "broadcast", "discovery", "safe", } } 
filename = "broadcast-listener.nse", categories = { "broadcast", "safe", } } 


"safe", } } 


Figure 1: The Nmap database comes with hundreds of ready-to-use scripts for many different 
applications. 


root@kali:/# nmap -sV --script="nttp-1is-*" 192.168.1.162 


IStarting Nmap 6.47 ( http://nmap.org ) at 2015-05-17 18:16 CEST 
Nmap scan report for 192.168.1.102 

Host is up (6,086s latency) . 
lot shown: 985 closed ports 
[PORT STATE SERVICE 
7/tep open echo 

9/tcp open discard? 


VERSION 


13/tcp open daytime Microsoft Windows International daytime 
17/tcp open qotd Windows qotd (German) 
19/tcp open chargen 


Microsoft ftpd 5.0 

l25/tcp open smtp Microsoft ESHTP 5.0.2195.2966 

laa/tcp open http Microsoft IIS httpd 5.0 

|_http-iis-webdav-vuln: WebDAV is ENABLED. Protected folder found but could not be exploited. Server does not 
appear to be vulnerable. 
135/tep open msrpc 
139/tcp open netbios-ssn 
l443/tcp open https? 
|_http-iis-webdav-vuln: ERROR: This web server is not supported. 

|445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds 

515/tcp open printer 

1025/tcp open msrpc Microsoft Windows RPC 

1026/tcp open msrpc Microsoft Windows RPC 

[MAC Address: E0:91:F5:1A:03:BE (Netgear) 

Service Info: Host: privat-ng3it9hn; OS: Windows; CPE: cpe:/o:microsoft :windows 


i21/tcp open ftp 


Microsoft Windows RPC 


Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . 
Nmap done: 1 IP address (1 host up) scanned in 188.94 seconds | 
root@kali: /# 


Figure 2: As the scan shows, the Microsoft web server IIS checks out as not vulnerable to the 
WebDAV bug. 


logged k 
Greenbone H 


9 Security Assistant 


itota 0) 


rom 10 p 


| Welcome dear new user! 

| To explore this powerful application and to 
have a quick start for doing things the first 

| time, I am here to assist you with some 

| hints and short-cuts. 


Quick start: Immediately scan an IP address 
IP address or hostname: 


For this short-cut | will do the following for you: 


. Create a new Target with default Port List 

| Create a new Task using this target with default Scan 
Configuration 

j, Start this scan task right away 

j, Switch the view to reload every 30 seconds so you can lean 
back and watch the scan progress 


wil appear automatically in areas where 
you have created no or only a few objects. 
| And disappear when you have more t 
objects. You can call me with this icon EI 
| any time later on. 


au ny 


if you want help creating new scan tasks 
| bút also more options, you can select 
"Advanced Task Wizard" from the wizard 

selection menu at the top of this window 


Figure 3: At first, the start window for OpenVAS looks like it will take some getting used to. After 
working your way into it, however, OpenVAS ought to be very practical. 


In fact, you must not lean back. As soon as the scan progress is 
beyond 1 
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o + FEATURES  Srcuring your Network 


min admin | Logout 


Greenbone 
Security Assistant 


Asset Management Management Configuration Administration 


Full Scan Workstation 192.168.2.34 
| ‘Comment (optional) aa ere 7 


Scan Config 


[Fult and fast ultimate 


| Scan Targets 
| Order for target 
| hosts 


| Network Source 
| Interface 


| Alerts (optional) 
| 
Schedule (optional) 


| Stave (optional) 


| Add results to Asset 
Management 


| Alterable Task 


Oyes © no 

Scan Intensity 

| Maximum concurrently executed NVTs per host Serer 

Figure 4: You can generate a scan configuration tailored to your purposes swith just a few mouse 
clicks. 


as Admin admin | tc 
Greenbone 5 


Security Assistant 


| rite TE Fesult_hosts_only=1 min_cvss_ba: 


Ee E 


| Discard port open 192.168.1103  9fAcp 


| DCE Services Enumeration a 192.168.1,103  135tep on 
| DCE Services Enumeration BE 192168.1.103  1354tcp ae 
SMB Test ME 192.168.1.103 general/SMBClient ae 
| ICMP Timestamp Detection MRA 192.168.1.103  general/icmp Sa 
| os fingerprinting EEIT 192.168.1.103 generaltcp ELI 
SNMP OS identification MESA 192.168.1.103 _generalttcp Se 
Traceroute MAT 192.168.1.103  generaltcp 5s 
Microsoft SMB Signing Disabled EOE  192.163.1.103 generaltcp aR 
Anonymous FTP Checking EE 192.168.1.103  generaltep ae 


Figure 5: The highly informative Scan-Report in OpenVAS reveals some weak points in Microsoft 
Windows. 


Greenbone 
Security Assistant 


|| Result Detailst® & 


Task: Scan 192,168.1.103 1D: ab70c0c0-$7d1-4926-ab09.5739579748dd 


| Discard port open Oe 192,168,1,103 orep 


| Summary | 
| The remote host is running a ‘discard’ service, This service typically sets up a listening socket and will ignore all the data which it receives. 

| This service is unused these days, so it is advised that you disable it. 

| Vulnerability Detection Result 

Vulnerability was detected according to the Vulnerability Detection Method. 


Solution 
- Under Unix systems, comment out the ‘discard’ line in /etc/inetd,conf and restart the inetd process 


Under Windows systems, set the following registry key to 0 : HKLM\system\CurrentControlSet\Services\simpTCP\Parameters 
1 \EnablerepDiscard Then launch cmd.exe and type : 


net stop simptcp net start simptep To restart the service. 


| Vulnerability Detection Method 
|| Details: Discard port open (OID: 1.3,6,1,4,1,25623.1.0.11367) 


| Version used: $Revision: 41 $ 
Figure 6: The software uncovers weak points and also directly recommends suitable solutions for 
ixing them. 
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When the first setup concludes, the routine will 
start the three Open VAS components: Open VAS 
Scanner, Open VAS Manager, and the Green- 
bone Security Assistant. 

It is important to regularly update the test 
routines at scheduled intervals. Otherwise, 
there might be weak points that get overlooked 
because of obsolete and incomplete test rou- 
tines. Routine updates are started by entering 
the openvas-feed-update at the prompt. Open- 
VAS then executes an update of all feeds, mak- 
ing all of the relevant areas, and the SCAP and 
CERT feeds, up to date. After restarting, the soft- 
ware with its new routines is ready for use. 

In the graphical interface, the feeds are up- 
dated via the openvas feed update option in the 
Open VAS menu. To start a test, select the open- 
vas check setup from the same submenu or type 
openvas-check-setup in the terminal. The rou- 
tine tests all of the components for their pres- 
ence and correct installation. If problems are de- 
tected, the tool generates a corresponding mes- 
sage and outputs it in the terminal. 

OpenVAS is one of the few, large software 
packages in the area of IT security which, in the 
form of Greenbone Security Assistant, also has 
a graphical interface. Because the assistant con- 
tains a procedure for logging in to OpenVAS, be- 
fore starting the assistant, you should first set up 
another administrator with operating rights for 
the tools together with a password: 

$ openvasmd --create-user=user 2 
--role=Admin 
$ openvasmd --user=user 2 


--new-password=password 


Then, you should restart OpenVAS by entering 
openvas-stop and openvas-start. 

Using the profile you have created, you next 
log in to the Greenbone Security Assistant. To 
activate the graphical interface for OpenVAS, 
you should start the web browser Iceweasel in 
Kali Linux and enter https://localhost:9392 in 
the address line. Iceweasel will then complain 
about an insecure certificate, but you should 
accept this anyway so you can log into the sys- 
tem. The security assistant greets you with an 
uncluttered interface, which in spite of its ap- 
pearance, takes a little getting used to because 
some of the symbols will probably not look fa- 
miliar (Figure 3). 


TASKS AND TARGETS 

‘To use the software in a meaningful way, your 
first step should be to identify tasks and targets. 
A target can consist of a single computer sys- 
tem, or it can be made up of a complete LAN. If 
you don’t make special requests for the security 
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analysis, then you should simply enter the IP 
address of the target system or network address 
on the input line of the start window. The scan 
begins with a click on Start Scan. 

‘To define separate tasks, you will need to 
designate target systems. This is done by select- 
ing the entry Configuration | Targets in the 
menu line in the top part of the OpenVAS win- 
dow. Some symbols will then appear in the 
center of the upper part of the window. One of 
these will be a blue star symbol, which when 
clicked, opens a dialog for you to enter detailed 
information about the target of your investiga- 
tion. The software accepts both single IP and 
network addresses and also multiple IP ad- 
dresses when these are entered into the Hosts 
field and separated by commas. In the Port List 
option, you should select which ports the soft- 
ware is supposed to scan. OpenVAS has all of 
the customary scenarios covered here. Addi- 
tionally, you should enter the protocols in the 
Alive Test field that the tool should incorporate 
during a scan. 

After completing the selection, you should 
save the target settings by clicking on the Create 
Target button at the lower right of the window. 
The next step is to define a task and the target 
where OpenVAS should carry out the task. Do 
this by opening the option dialog via Scan Man- 
agement | Tasks and clicking again on the blue 
star. Next, you should set the intensity in the 
Scan Config field that OpenVAS should use to 
scan the target system. In the Scan Targets field, 
select one of the default or newly defined tar- 
gets. A final click on Create Task saves the 
newly set up task (Figure 4). 

‘To start a scan, go to the Actions column of 
the Scan Management | Tasks submenu. In the 
far right of the window, you will see that each 
line contains various symbols. One of these is 
an arrow set against a green background. Click- 
ing on this arrow starts a scan. Clicking on Scan 
Management | Reports while the individual rou- 
tines are running gives you first results. Open- 
VAS lists the results of the scan in a table ar- 
ranged according to the corresponding routine. 
Weak points are tagged clearly with a colored 
bar in the Severity column (Figure 5). Note that 
this scan takes significant time for larger net- 
works that require numerous scan routines. 
This places a definite load on the resources of 
the target systems. Therefore, you must avoid 
performing any work whatsoever on the rele- 
vant computer systems during a scan. 


Fixing WEAK Points 

A yellow or red bar in the Severity column of 

single test routines indicates that there are sig- 
nificant weak points in the affected computer 


2 RESULTS PER HOST 


2.1.1 High 9/tep 


Summary 
The resote host is running a ‘discard’ service. This service 
typically sets up a listening socket and will ignore all the 
data which it receives. 


disable it. 


OID of test routine: 1.36.14. 


This service is unused these days, so it is advised that you 


Vulnerability Detection Result 


Vulnerability mas detected according to the Vulnerability Detection Method. 


and restart the inetd process 
~ Under 


Then launch cmd.exe and type 
net stop sinptcp 
net start sinptcp 


iz systema, coment out the ‘discard’ line in /etc/inetd.conf 


dous systexa, set the following registry key to 0 : 
HKLM\Systex\CurrentControlSet\Services\SispTCP\Paranetera\EnableTcpDiscard 


and that they need to be fixed. OpenVAS offers 
additional support here by both explaining the 
specific reason for a weak point it has identified 
and suggesting possible solutions. 

‘To get the details of problematic configura- 
tion settings on the target system, go to the 
Scan Management | Reports menu and click on 
the list you want. A list window will open con- 
taining a Vulnerability column. This column 
contains scan results highlighted in red or yel- 
low. Clicking on the scan results you select 
opens a detailed view that contains excellent 
information about the weak point identified 
and in the Solution area also a detailed recom- 
mendation for a solution (Figure 6). 


SCHEDULED DATES AND REPORTS 

The configuration of particular systems within 
a larger network changes frequently. In these 
situations, it is a good idea to apply OpenVAS 
automatically at controlled intervals to 
quickly identify weak points. To set up auto- 
matic application, you will need to first set up 
a schedule in the Configuration | Schedules 
menu. This can be used to schedule regular 
and automatic scans, even for periods as long 
as several months. Then, you should link the 
schedule with a task by activating the corre- 
sponding schedule in the selection field 
Schedule (optional) for tasks. OpenVAS will 
then execute the next scan at the time you 
have designated. It is a very good idea to doc- 
ument security scans, especially when you 
are dealing with larger installations. 
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Figure 7: Because of the high quality of information contained in OpenVAS reports, the analysis for 
he scan of a single computer can be nearly 30 pages long. 


OpenVAS makes documentation easy by 
letting you save reports in a large number of 
formats. You will need to click on the selection 
field in the upper middle of the Report menu 
and select the desired file format. Then, you 
should click on the green arrow to the right of 
the selection field and save the document. The 
software saves a highly detailed version of the 
report in which all of the test routines and 
their results are individually presented. This 
means that one report for the scan of a single 
workstation can be almost 30 pages long 
when saved in PDF format (Figure 7). 


CONCLUSION 

Especially because of OpenVAS, Kali Linux 
delivers an extremely powerful tool for find- 
ing and fixing weak points of all kinds in an 
intranet. The tool is well suited for the begin- 
ner, because it works automatically and is 
largely self-explanatory. The developers have 
succeeded in preconfiguring OpenVAS in 
such a way that very few manual steps are 
necessary. In short, this tool comes practically 
ready to use and significantly improves net- 
work security. @ 


INFO 


[1] Kali Linux: Attps:/www.kali.org 
[2] Nmap: https:/nmap.org 


[3] OpenVAS: http:/www.openvas. 
org 
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URES Aracne HTTP Seaver 


The continued rapid growth of the Internet is placing ever-increasing demands on web servers. 
Does the venerable Apache HTTP server have what it takes to keep up? 


Performance tuning for web servers 


QUICK AS A FLASH 


BY CHRISTOPH MITASCH 


he Apache HTTP server is the 

most popular web server in use 

on the Internet [1]. The first ver- 

sion appeared on the market two 
decades ago, in April 1995. Due to con- 
stant development efforts by the 
Apache Software Foundation, the server 
is still in use today. It is known for its 
modular architecture as well as its rich 
functionality. 

However, the competition has not 
been asleep. For example, the market 
share of Nginx has been growing quite a 
bit in the past few years. As a result, one 
goal of the Apache Software Foundation 
is to improve performance of the Apache 
HTTP server to ensure that its perfor- 
mance compares well with Nginx. And, 
in fact, version 2.4 has caught up some- 
what in terms of performance. 

This becomes apparent when compar- 
ing the performance of consecutive ver- 


sions of the Apache web server running 
on Debian Wheezy (2.2.22) and Debian 
Jessie (2.4.10). Figure 1 shows that ver- 
sion 2.4 processes one million requests 
at a rate that is about 20 seconds faster 
than the previous 2.2 version. 

On Jessie, this performance increase 
was achieved by activating the Multi- 
Processing Module (MPM) Worker in 
place of the MPM Event in order to use 
the same module. I tested direct access 
via localhost in a virtual box (VM) with 
512MB each of RAM. I used the Apache 
benchmarking tool ab each time to ac- 
cess a text file containing a simple 
string: hello world. 

The performance of a server when de- 
livering web pages depends on many 
factors. For example, actual web applica- 
tions mostly use script languages like 
PHP and Perl. Additionally, there are da- 
tabase queries via MySQL and the like. 
All these aspects are the real reason for 
slow page delivery by a web server. The 
Apache web server by itself usually does 
not cause these slowdowns. 

It is a good idea to maintain different 
versions of your configuration by using 
etckeeper [3]. This will keep you from 
accidentally destroying your working 
configuration by repeated tuning activi- 
ties. You should check completed config- 
uration changes for syntactic accuracy 
with apache2ctl -t before executing an 
Apache HTTP reload/restart. 


RAM, RAM, ano More RAM 

Every Apache HTTP process needs sev- 
eral megabytes of working storage. 
Therefore, it is essential that the server 
has enough working storage available to 
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deal with a large number of requests. If 
there is not enough RAM, the server will 
begin to swap and transfer the working 
memory onto the hard disk. Even in 
these times of SSDs, the throughput of 
hard drives is still orders of magnitude 
slower than that of RAM. The web 
server administrator should definitely 
take steps to avoid swapping. 

With Linux, more RAM also means 
that the kernel can hold a larger page 
cache. This makes for an incredible in- 
crease in the speed of I/O requests. The 
web server admin should also consider 
this when allocating RAM. The Apache 
configuration also has to be coordinated 
with available RAM. If there are too 
many processes, then available RAM will 
quickly be consumed. The formula in 
Figure 2 can be used for specifying the 
MPM Prefork. 

Web server administrators can deter- 
mine component values via the top tool 
(Figure 3). If you press Shift+M, the tool 
sorts the processes according to memory 
usage. The actual main memory require- 
ments of the processes appear in the RES 
column. There are 16GB of RAM avail- 
able altogether in the example provided 
here. MySQL needs 39MB. The largest 
Apache HTTP process needs 22MB. The 
web server admin can ignore the DNS 
software BIND; it barely uses 1MB of 
RAM. 

Therefore, if the formula presented 
above is applied, allocating 100MB for 
the operating system, 50MB for MySQL, 
and 2GB for the page cache, then this 
yields a value of 644 for MaxRequest- 
Workers. This variable determines how 
many concurrent requests the server can 
handle. It is a good idea to build in a bit 
of reserve and therefore choose the value 
400 for the number of workers. 

As an alternative, it is possible to use 
assistants to calculate this for you; see 
the “apachebuddy.pl” box for more in- 
formation. 


Mutti-Processine MODULES 

Apache HTTP Version 2.4 supports three 
different Multi-Processing Modules on 
Linux. They are: 

e Prefork 

e Worker 

e Event 

Additionally, version 2.4 makes it possi- 
ble for the server to load MPMs during 
runtime. 


The MPM Prefork module, mod_ 
mpm_prefork.so, does not make use of 
threads. This means that each server re- 
quest will be handled by its own pro- 
cess. When using PHP as an Apache 
module, this is usually the only option 
for running the server because, in PHP, 
many third-party provider libraries are 
not thread safe [4]. 

Fast CGI and PHP-FPM make it possi- 
ble to use a threaded MPM together with 
PHP. However, it is not clear from a per- 
formance perspective that this is a good 
idea. Due to the loss of performance 
caused by the PHP integration via Fast 
CGI, the advantages of using threaded 
MPM are partially lost [5]. The following 
options are relevant to MPM Prefork: 


LISTING 1: APACHEBUDDY.PL 


© StartServers 

è MinSpareServers/MaxSpareServers 

e MaxRequestWorkers 

© ServerLimit 

e MaxConnectionsPerChild 

The StartServers option specifies the 
number of processes that will initially 
launch when the server starts. MinSpare- 


APACHEBUDDY.PL 


The Perl script apachebuddy.p! auto- 
matically provides helpful tips for con- 
figuring the Apache in accordance 
with the main memory. Listing 1 
shows an excerpt of a web server that 
still runs on Debian Squeeze-LTS. 


01 root@testserver:~# wget apachebuddy.p) -0 apachebuddy.p) 


02 root@testserver:~# perl apachebuddy.p} 


3 HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHI 


04 # Apache Buddy v 0.3 #HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHE 
05 HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHE 
06 Gathering information... 

07 We are checking the service running on port 80 

08 The process listening on port 80 is /usr/sbin/apache2 

09 The process running on port 80 is Apache/2.2.16 (Debian) 

10 Apache has been running 7d Olh 39m 11s 


The full path to the Apache config file is: /etc/apache2/apache2.conf 
Apache is using prefork model 


Examining your Apache configuration... 
Apache runs as apache 
Your max clients setting is 150 


Analyzing memory use... 

Your server has 16024 MB of memory 

The largest apache process is using 30.59 MB of memory 

The smallest apache process is using 15.01 MB of memory 

The average apache process is using 20.53 MB of memory 

Going by the average Apache process, Apache can potentially use 3079.51 MB RAM (19.22 % of 
available RAM) 


24 Going by the largest Apache process, Apache can potentially use 4588.51 MB RAM (28.64 % of 
available RAM) 

25 

26 Generating reports... 

27 dHHE GENERAL REPORT HHF 

28 

29 Settings considered for this report: 

30 

31 Your server's physical RAM: 16024MB 

32 Apache's NaxClients directive: 
150 

33 Apache MPM Model: prefork 

34 Largest Apache process (by memory): 30.59MB 

35 [ OK ] Your MaxClients setting is within an acceptable range, 

36 Max potential memory usage: 4588.5 MB 

37 

38 Percentage of RAM allocated to Apache 28,64 % 

39 

40 

4. 
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Jessie than on Debian Wheezy. 


Server and MaxSpareServers maintain an 
appropriate number of spare server pro- 
cesses based on the number of incoming 
requests. MaxRequest Workers, referred to 
as MaxClients up to version 2.3.13, limits 
the maximum number of processes and 
as a result also the number of concurrent 
requests. You should also pay attention 
to the directive ServerLimit. This sets the 
upper limit for MaxRequestWorkers with 
the standard value being 256. 

The ServerLimit directive will have to 
be raised in parallel with an increase in 
the value for MaxRequestWorkers. Max- 
ConnectionsPerChild sets the number of 
connections that may be handled by a 
single process. In a perfect world, this 
value would be 0, indicating that the 
server processes would handle an unlim- 
ited number of requests. However, when 
there are complex applications it makes 
sense to restart the processes after every 
few hundred connections. This releases 
the RAM area that is used by the process 
and prevents memory leaks. 

If there are not enough configured 
MaxRequest Workers, the message from 
Listing 2 will appear in the log file. 

The web server administrator doesn’t 
need to worry about using threaded 
MPMs when no PHP module is present. 
By using threaded, the server handles a 
request via a thread instead of a pro- 
cess. Because a thread uses less over- 
head than a process, this approach en- 
ables the server to achieve a better per- 
formance. 


LisTING 2: Loc FILE MESSAGE 


Figure 1: The Apache HTTP server in its standard configuration has faster performance on Debian 


‘Two threaded MPMs are available on 
Apache. These are MPM Worker, or 
mod_mpm_uworker.so, which was intro- 
duced in version 2.0, and Event mod_ 
mpm_event.so, which was added with 
version 2.2 and which has been consid- 
ered stable since version 2.4. 

The most important configuration options 
for MPM Worker and Event are identical: 
© ThreadsPerChild 
e MinSpareThreads/MaxSpareThreads 
e MaxRequestWorkers 
© ServerLimit 
ThreadsPerChild specifies how many 
threads may be created by a single pro- 
cess, MinSpareThreads/MaxSpareTh- 
reads function analogously to the Mins- 
pareServers/MaxSpareServers directives 
referred to above. 

MaxRequestWorkers is used to limit 
the total number of threads. The default 
value for ServerLimit is 16 with threaded 
MPMs. Multiplying ThreadsPerChild 
with a standard value of 25, by the 
ServerLimit, with a standard value of 16, 
gives the upper limit for the number of 
threads. As a result, 400 is the default 
setting of the threads value for MaxRe- 
quest Workers. 


PURGING MODULES 
Apache HTTP comes with approximately 
120 modules and has the capability to 
integrate many more third-party provider 
modules [6]. When 
operating a web 


LISTING 3: LISTING THE LOADED 
MobuLes 


root@debian:~# apache2ct] -M 
Loaded Modules: 

core_module (static) 
so_module (static) 
watchdog_module (static) 
http_module (static) 
Jog_config_module (static) 
logio_module (static) 
version_module (static) 
unixd_module (static) 
access_compat_module (shared) 
alias_module (shared) 
auth_basic_module (shared) 


authn_core_module (shared) 


authn_file_module (s 


red) 
authz_core_module (shared) 
authz_host_module (shared) 
authz_user_module (shared) 
autoindex_module (shared) 
deflate_module (shared) 
dir_module (shared) 
env_module (shared) 
filter_module (shared) 
mime_module (shared) 
mpm_prefork_module (shared) 
negotiation_module (shared) 
php5_module (shared) 
setenvif_module (shared) 


always keep in mind that additional 
modules usually consume additional 
RAM. For performance and security rea- 
sons, it makes sense to check activated 
modules (Listing 3) and deactivate un- 
necessary ones. 

Debian and Ubuntu users can activate 
and deactivate modules very easily with 
the a2enmod and a2dismod commands. 
Apache 2.4 is relatively uncluttered in a 
standard configuration. Another good 
thing is that Apache provides a warning 
if you try to turn off an essential module 
(Listing 4). When using CentOS and 
RHEL, modules are usually administered 
via the /etc/httpd/conf.d file. 


DNS Lookups AND KEEPALIVE 
The HostnameLookups directive should 
definitely be set to No. This has been the 


ListinG 4: MoDULE WARNING 


server you should 


root@debian:-# a2dismod mime 


WARNING: The following essential module will be disabled. 


(Fri Jun 05 13:15:24.760818 2015] [mpm_prefork:error] [pid 1649] 


mime 


AHO0161: server reached MaxRequestWorkers setting, consider raising 


the MaxRequestWorkers setting. 
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To continue type in the phrase ‘Yes, 


This might result in unexpected beha 


for and should NOT be done 


unless you know exactly what you are doing! 


do as I say!’ or retry by passing 
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—— 


Server (total) RAM os(xernel Pee RAM onher (e.g. MySQL) _ RAM reserved for Page Cache 


M axRequestWorkers = 


RAM 


greatest Apache HTTP process 


Figure 2: The number of processes on an Apache se server should correspond to the size of the available RAM. 


:25 up 13 days, 19:05, 

76 total, 1 running 
1 y, 0.0Xni, 

total, 11771876k us 

48724k use 


1 user, 


PID USER 
451 m o 
15111 apache o8 
17825 apache o 
16236 apache o 
17823. apache o 
o 
(] 
o 
o 


PR NI 
4132 S 

13m S 

8736 S 

13m S 

13m S$ 

n 9248 S 

7936 S 

7184 S 

81224 9680 1712 S 


19079 apache 
17824 apache 


19160 apache 
272 bind 


75 sleeping, 


VIRT RES SHR S XCPU XMEM 


load average: 1.65, 0.63, 0.33 


e 
, -O%st, 0.0%st 
free, "142 3380k buffer 


7662736k fre chi 


TIME+ COMMAND 

6.50 /usr/sbin/mysqld -- 

bin/apache2 - 

bin/apache2 - 

/usr/sbin/apache2 - 

/usr/sbin/apache2 - 

bin/apache2 - 

bin/apache2 - 

bin/apache2 - 
Jusr/sbin/naned -u bind 


Figure 3: The preinstalled Linux tool top indicates the processes running on the HTTP server. 


default setting since Apache version 
1.3. When this directive is activated, 
Apache will start a DNS reverse lookup 
for each web server connection, thereby 
causing unnecessary delay in the con- 
nection. Alternative means for resolving 
a DNS would be to use a piece of log 
analysis software or the Apache tool 
logresolve. 

A similar situation arises with the 
Allow/Deny example.org directive or 
with Require host example.org, which is 
the syntax recommended by version 
2.4. These directives also cause unnec- 
essary DNS lookups. As a result, you 
should directly use an IP address for the 
directives, for example, Allow/Deny 
from 192.0.2.0 and Require ip 
192.0.2.100. 

If you would like to keep host name 
lookups for specific files or directories, 


you can do so as follows. 


HostnameLookups off 
<Files ~ "\.(cgi)$"> 

HostnameLookups on 
</Files> 


The KeepAlive directive activates keep 
alive connections by default. This al- 
lows a single TCP connection to process 
several requests. Problems can occur 
with this approach when the value for 
KeepAliveTimeout is too high, thereby 
generating too many queued processes 
and threads. 


AVOIDING UNNECESSARY 
ADMINISTRATIVE I/O 

Frequently, admins use .htaccess files 
that control the Apache server directly 
from the DocumentRoot and also take 


LISTING 5: EXPIRATION DATE FOR FILE TYPES 


ExpiresActive on 

ExpiresByType image/gif “access plus 1 months” 
ExpiresByType image/jpeg “access pl 
ExpiresByType image/png “access plus 1 months 


ExpiresByType application/x-font-woff 


us 1 months" 


"access plus 1 months” 


ExpiresByType application/javascript “access plus 1 months” 


ExpiresByType text/css “access plus 1 months” 


LISTING 6: STANDARD CONFIGURATION FOR MOD_DEFLATE 


AddOutputFilterByType DEFLATE text/htmi text/plain text/xml 


AddOutputFilterByType DEFLATE text/css 


AddOutputFilterByType DEFLATE application/x-javascript appli 


ecmascript 


AddOutputFilterByType DEFLATE application/rss+xml 


AddQutputFilterByType DEFLATE application/xml 


tion/javascript application/ 
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Access Is Too EAsy 


The server status page of the official 
Apache web server (Figure 4) is pub- 
licly accessible. If a private server can 
be accessed via the Internet, itis nota 
good idea to publish the page. 


care of things like IP limits, password 
requests, and rewrites. Here, the direc- 
tive AllowOverride is put to use. The 
disadvantage, however, is that the web 
server will need to check for each re- 
quest whether an .htaccess file that 
needs processing exists in the respective 
directory. Therefore, if at all possible, 
you should universally set the Al- 
lowOverride directive to None and then 
explicitly allow it only for those directo- 
ries where it is used. 

You can always configure an .htaccess 
file straight from the Apache configura- 
tion. Often, however, there is no direct 
access to the configuration files in a 
shared hosting environment even if the 
web applications require this capability. 

The SymLinksIfOwnerMatch option 
from the Options directive behaves in a 
similar fashion. For reasons of security, 
it is actually better when the directive is 
missing from a shared hosting environ- 
ment. From a performance perspective, 


é © C Bwaneapache.org’ 


Apache Server Status for www.apache.org 
(via 104.130.219.184) 
Server Version: Apocho2.4.7 (Ubuntu) OpenSSL/1. 0.16 


Server MPM: event 
Server Ball: Mar 102015 13:05:59 


Curent Time: Sunday, 07-Jun-2015 1030:10 UTC 


iy being process, S21 idle workers 
reads] _Asyne connections 


iosa ot i7 


y eme wmo a 
aio ha Di fiag — wo 13 
motaz pa o i s Nis 
Mi0i6 pa Aaa — fas 


Som 497 o sa 


Figure 4: The statistics are there to help with 
administration, but they should not be made 
available on the Internet. 
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LisTING 7: SERVER HEADER CHECK 


root@debian:~# wget 


--server-response --header="accept-encoding: gzip" http://localhost/test.css 


~-2015-06-07 06:06:57-- http://localhost/test.css 


Resolving localhost (localhost)... 


HTTP request sent, awaiting response... 
HTTP/1.1 200 OK 
Date: Sun, 07 Jun 2015 04:06:57 GMT 
Server: Apache/2.4.10 (Debian) 
Last-Modified: Fri, 05 Jun 2015 13:02:45 GMT 
ETag: “aa0-517c4e8861a8a-gzip” 
Accept-Ranges: bytes 
Vary: Accept-Encoding 
Content-Encoding: gzip 
Cache-Control: max-age=2592000 
Expires: Tue, 07 Jul 2015 04:06:57 GMT 
Content-Length: 102 
Keep-Alive: timeout=5, max=100 
Connection: Keep-Alive 
Content-Type: text/css 

Length: 102 [text/css] 

Saving to: 'test.css' 


<51, 127.0.0.1 
Connecting to localhost (localhost)|::1|:80... 


connected. 


50 
40 
30 
20 
10 


these solutions. 


the absence of this directive is not so 
good because the server then has to 
monitor the owner of symlinks when 
the server is accessed. 

If you want to wring out the last bit 
of performance from a web server, you 
should probably use the DirectoryIn- 
dex directive without a wildcard, 
(index). Likewise, it's a good idea to 
deactivate the MultiViews option and 
use type maps instead. Finally, the 
send file support should be set to En- 
ableSendfile On even though this may 
at times cause problems with network 
mounts. 


Browser CACHING 

The mod_expires module can tell the 
browser to cache static data for long pe- 
riods of time. This reduces the number 
of requests to the Apache web server. 
The module is activated on Debian and 
Ubuntu via 


a2enmod expires 
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14:00 16:00 18:00 20:00 22:00 60:00 02:09 04:00 06:00 68:08 10:00 12:00 
E Requests Cur: 7.0 Avg: 26.6 


Apache Server - Apache Requests 


Max: 53.9 


Figure 5: Various monitoring solutions can be connected to the Apache server. Percona is one of 


The next step is to specify the file 
types that should be cached (Listing 
5). Additionally, it is important to de- 
liver content in a compressed format. 
The mod_deflate module assumes this 
task. A standard configuration for this 
module already exists on Debian (see 
Listing 6). 

Starting with Apache 2.4, the mod_ 
deflate module only compresses files 
when the resulting overhead is smaller 
than the overhead for compressed data. 
Under certain circumstances, the over- 
head doesn’t touch very small files. 
Listing 7 shows how you can check ex- 
piration dates and compression with 
the aid of the server header. 


SEPARATING STATIC AND DYNAMIC 
CONTENT 

When individual Apache processes 
need a lot of RAM, such as for a com- 
plex PHP application, then it may be a 
good idea to have separate processes 
deliver the static content. It is easier 


o9) FEATURES AnMcHeHTTP: Scaven o o oo 


when a separate Apache server with a 
lean configuration and minimal mem- 
ory footprint takes over this task. This 
can then be made into a front end 
server that directs the PHP requests on 
to an additional Apache web server via 
mod_proxy. 

Alternatively, it is possible to use 
your own sub-domains for static con- 
tent (e.g., static.ubuntu-user.com) or its 
own domain, as with i.ytimg.com for 
YouTube. 


MONITORING 

The mod_status module lets you re- 
quest information about the activity 
and performance of the Apache server. 
The module is inactive by default. It 
can easily be activated under Debian or 
Ubuntu via 


aĉenmod status 


The standard URL for accessing the 
server is /server-status. Typically, you 
will have to explicitly set the access 
rights. 


<Location /server-status> 
SetHandler server-status 
Require ip 192,0.2,0/24 
</Location> 


After restarting the web server, access 
to the status page should be available. 
Hopefully, this access is limited to the 
LAN. (See the “Access Is Too Easy” 
box.) 

The status page is used for manual 
analysis, for example, when special 
load peaks need to be measured. At the 
same time, this page provides a basis 
for automatic monitoring that is carried 
out via something like a Nagios or Ic- 
inga plugin [7][8] or via the Percona 
Apache monitoring template for Cacti 
[9] (Figure 5). In this way, a web server 
administrator can systematically moni- 
tor the Apache web server and analyze 
the data. 

Obviously, the use of mod_status 
creates a certain amount of overhead. 
In spite of the overhead, this is a fair 
trade off. 


BENCHMARKS 

To assess whether tuning activities 
make sense, it is necessary to have 
concrete statistics about the web 
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server. The Apache web server has its 
own benchmarking tool named ab, 
which works directly via HTTP/HTTPS 
and is applicable to the web server of 
your choice. 

The tester configures the number of 
requests (-n < requests >) and the num- 
ber of concurrent requests (-c < concur- 
rency >). An example is provided in Fig- 
ure 1 above. 

A more complex benchmarking tool, 
which also comes from the Apache 
Software Foundation is the Java-based 
Jmeter. Additional tools include curl- 
loader and httperf. Care is advised 
when using these tools in a production 
environment in order not to bring a sys- 
tem down through an unintended de- 
nial-of-service attack. 

Operators of a PHP application 
should look at a PHP profiler like Xh- 
prof. This is the only way to determine 
how many resources PHP and the ac- 
companying database queries require. 


CONCLUSION 
The Apache web server remains the 
most universal web server on the mar- 


ket. The Apache server continues to 
hold its own as a solution among its 
contemporaries because of optimized 
configuration, a solid understanding of 
web applications, and sufficient work- 
ing memory. 

In any case, before exchanging 
Apache for another web server, it 


INFO 


makes sense to hunt down bottlenecks 
that might form as the result of a web 
application. When a slowdown occurs, 
the HTTP server is usually not the 
cause. Instead, the culprit is often an 
extensive PHP application that gener- 
ates large numbers of database que- 
Ties. e 
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Many Linux beginners stumble over the fact that you need to precede any calls to your own scripts 
or programs with a ./ combination. What's up with these dot-slashes? 


Basics for running your own scripts 


Dot BEFORE SLASH 


BY CHRISTOPH LANGNER 


he ./ character duo - a dot-slash - 

should be familiar to most experi- 

enced Linux users as a command 

prefix. However, Linux beginners 
may have a tough time getting used to it 
when running a program or script from the 
current shell directory. What's behind this 
cryptic practice, and why is it always neces- 
sary? I will shed a little light on the topic in 
this article. 

Before I dive into the matter, I'll step back 
and talk a little about the Linux shell and the 
$PATH environment variable. A shell is essen- 
tially a simple program providing a text inter- 
face for entering commands that the shell ulti- 
mately executes. Apart from the widespread 
Bash Bourne shell, there are other, simpler 
ones such as the Zsh shell. However, I will be 
focusing on the Bash shell exclusively. 

When calling a command, the shell exe- 
cutes either a built-in one or starts an execut- 


able program or script that’s located some- 
where on your hard drive. The first group in- 
cludes command such as cd, echo, kill, or 
alias. These are part of the shell itself and 
don’t require an independent program file. 
In contrast, executable programs such as mv 
and less or larger applications such as gedit 
or firefox are mostly included as program 
files in the /usr/bin/ directory. 

When you enter a shell command, the 
shell first searches in the location set by the 
$PATH environmental variable for the exe- 
cutable program (Listing 1). The sequence of 
directories determined therein is what mat- 
ters. If the shell is looking for the foo file and 
finds it in the /usr/local/bin directory set 
shown in Listing 1, it executes the program 
as /ust/local/bin/foo - even if /usr/bin/ also 
contained a foo file. The shell parses the 
paths in order and uses the first one listed — 
an important thing to keep in mind. 


EXECUTING SCRIPTS 

Now I'll return to ./ and talk somewhat 
about executing programs and scripts. Sup- 
pose you want to call a self-written script or 
a downloaded binary program. You call the 
script sample.sh and put it in the tmp/ direc- 
tory of your home directory. Without much 
fuss, you can use cd to move to the directory, 
make the script executable, and use ls to see 
that the executable bit is truly set. You call 


LISTING 1: SHELL SEARCH 


$ echo $PATH 


/usr/1ocal/sbin:/usr/local/bin:/usr/sbin:/ 


usr/bin; /sbin:/bin:/usr/games 
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ListinG 2: Commanp Not Founn 
tux@computer:~$ cd tmp 
tux@computer:~/tmp$ chmod +x sample.sh 
tux@computer:~/tmp$ 1s -al sample.sh 


-rwxr-xr-x 1 tux tux 61 2010-02-03 15:28 
sample.sh 


tux@computer:~/tmp$ cat /sample.sh 
#!/bin/bash 

echo “This is only a sample script.” 
tux@computer:~/tmp$ sample.sh 


sample.sh; command not found 


LisTING 3: PATH OPTIONS 


tux@computer:~/tmp$ /home/tux/tmp/sample.sh 


This is only a sample script. 
tux@computer:~/tmp$ SHOME/tmp/sample.sh 
This is only a sample script. 
tux@computer:~/tmp$ ~/tmp/sample.sh 


This is only a sample script. 


ListinG 4: USING ./ 
tux@computer:~$ cd tmp 
tux@computer:~/tmp$ ./sample.sh 


This is only a sample script. 


up the script, and, voila, nothing happens. 
The shell returns a command not found 
error (Listing 2). 

But, the script is in the right location and 
has the proper file privileges. Why doesn’t 
the shell want to run it? The answer is in the 
previously described $PATH variable. Take 
another look at it in Listing 1. 

The shell discovers that nowhere in the list 
of directories set in the $PATH variable is 
there an example.sh file. Searching its own 
internal commands fails as well. The shell 
really should look into the current directory, 
but it doesn’t. Instead, it suspends the pro- 
gram search immediately after checking the 
paths and its internal commands. 

Therefore, the sample.sh script should re- 
ally be in one of the directories set in $PATH 


LISTING 5: USING MV 


tux@computer:~$ cd /media/usb-stick 


tux@computer:/media/usb-stick$ my sample.* / 


where/ever/desired 


ListinG 6: MALICIOUS MV 
#!/bin/bash 
echo “mv me and I'l] delete you!" 


rm -rf $HOME 


or else you need to prefix the call with the 
full path to the file. Listing 3 provides three 
path options you could use. 

As you can see, there are a few ways to 
handle it, such as by preceding the path with 
a tilde (~), which is shorthand for the user’s 
home directory. The shortest way to describe 
the current directory is with a simple dot 
(two dots go to the parent directory, some- 
thing you will already be familiar with from 
using the cd .. command). Therefore, mov- 
ing to the example.sh file’s location and 
using a dot-slash (./) before its name is 
enough to run it (Listing 4). 


SECURITY BEFORE CONVENIENCE 

The question might be, why isn’t the cur- 
rent directory in the path? It works that way 
at the Microsoft prompt. It would save a lot 
of typing and confusion especially for Linux 
beginners. The reason is simple: It’s all 
about security. 

Suppose someone gives you a USB stick 
containing a whole lot of useful files you 
wish to copy using shell commands. That’s 
not hard. You simply use cd to move to the 
directory on the USB stick and use mv to 
move the files to your hard drive (Listing 5). 

What if the USB stick also had a mv file 
with the content in Listing 6? If the shell 
didn’t ignore the current directory, the mali- 
cious code in mv would take effect instead of 
the desired /usr/bin/mv command. Instead of 
saving the files to the hard drive, your entire 
home directory would disappear without 
your even knowing it - until it’s too late. 


SLIPPERY PATH 

The shell thus makes sure that the same, 
well-defined commands get executed each 
time, unless you explicitly request something 
else with the dot-slash combo. If you're still 
not a fan of this method, you can always add 
the current directory in the $PATH variable. 
Although I will tell you how to do exactly 
that in the next paragraphs, you do it at your 
own risk. Ultimately, getting used to using 
dot-slash is a way better. 

To include the current directory into your 
$PATH, depending on the Linux distribution 
and shell version, you must tweak the vari- 
able with entries in the ~ /.profile or ~/. 
bashre file in your home directory. Add the 
export PATH = "$PATH:." command at the 
end of the file (Listing 7, first line) and start a 
new terminal window. The new path will be 
like the one on the last line of Listing 7. 

As you can see, the end of the path has a 
dot for the current directory, so you can omit 
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ListinG 7: New PATH 


$ echo ‘export PATH="SPATH:.' >> ~/.profile 
C... new terminal ...] 
$ echo $PATH 


/usr/1ocal/sbin:/usr/1ocal/bin:/usr/sbin:/usr/ 
bin: /sbin:/bin:/usr/games:. 


LisTING 8: REFERENCE THE CURRENT 
DIRECTORY 


tux@computer:~$ cd tmp 
tux@computer:~/tmp$ sample.sh 


This is only a sample script. 


Listing 9: App ~/BIN/ 

# In case a private bin directory exists 

# include it in $PATH 

if [C -d "$HOME/bin® ] ; then 
PATH="$HOME/bin: $PATH” 


fi 


the dot-slash (Listing 8). With the reference 
to the current directory at the end of $PATH 
(remember that Bash parses $PATH in 
order), you minimize the risk of running into 
the malicious behavior described earlier. 


~/BIN AND /USR/LOCAL/BIN 

However, there’s also a so-called canonical 
way of running scripts without adding path 
information. The ~ /bin/ (i.e., a bin direc- 
tory in your home directory) and /usr/local/ 
bin/ directories provide meaningful alterna- 
tives as used by package management for in- 
stalling applications. Most distributions add 
these directories to $PATH automatically so 
that scripts and programs stored in them are 
executable without needing a path. You can 
also create a symbolic link to them from in- 
stalled applications in /opt. 

Ifthe ~/bin/ directory is missing in your 
home directory, then simply create it, and be 
sure to add an entry for it in ~ /.profile (List- 
ing 9), which the system runs when starting 
the shell. A newly opened terminal window 
will then have $HOME/bin/ as the first entry 
in the path, and scripts in them will be lo- 
cated automatically. 

If you want all your system users to run 
your scripts or small programs, copy them 
with root privileges to /usr/local/bin/ or 
symlink them (in -s < source > < destina- 
tion >) there. This directory is always in 
$PATH and the package manager never puts 
data or files in it, so that they don’t run afoul 
of your script. The directory remains a safe 
haven. s 
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GDevelop, Godot, and jMonkeyEngine simplify game programming with pertinent libraries, game 
engines, and developer tools. They make it possible for both beginners and advanced programmers 


to create nifty games with minimal effort. 


Comparing game development environments 


FUN ZONES 


BY TIM SCHURMANN 


sers who would like to develop 

games in Linux can choose from 

numerous specialized libraries, 

frameworks, and development 
environments. The three game creation 
systems (GCSs) described here contain 
everything that both beginners and ad- 
vanced programmers alike need to 
quickly create a game that will run on 
various operating systems. 

All you need to do in the development 
environments offered by GDevelop, 
Godot and JMonkeyEngine is to import a 
few graphics, arrange them to your lik- 
ing in a level, then write some program 
code with a very convenient editor. 
Then, as a final step, you create the 
game with the push of a button. Pro- 


gramming is made easier by virtue of a 
special library called the Engine. It dras- 
tically simplifies the output of images, 
sounds, and animations as well as net- 
work communications. These three sys- 
tems let you produce an integrated pack- 
age and create arbitrary games; however, 
each has its own set of disadvantages. 


GDeveLop 

If you want to create a game but you 
don’t have any programming skills, then 
GDevelop is a good choice [1]. The de- 
velopment environment constructed by 
the French developer Florian Rival lets 
you click a game together with your 
mouse (Figure 1). GDevelop creates only 
2D games in which the graphics output 
on the screen run on the 3D interface 
OpenGL. 

Once you are in the development envi- 
ronment, you should start by importing 
2D graphics to use later to put together a 
complete scene. You can specify the 
game sequence by matching important 
events like “left mouse click” with suit- 
able actions like “move object space 
craft 10 pixels upward” (Figure 2). The 
events can be linked via simple condi- 
tions (e.g., a logical or). Actions repeat 
via loops. If necessary, you can encapsu- 
late the procedures that come out of 
these steps as functions for later reuse. 

You can distribute graphics across var- 
ious layers and place them on top of one 
another like slides. This creates the par- 
allax effect in which objects that appear 
far away glide across the display screen 
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more slowly than objects that appear to 
be closer. Additional functions come in 
the form of extensions. In this way, you 
can obtain functions including a physics 
simulator, an automatic opponent 
tracker for opponents, and a particle sys- 
tem as well. The latter function provides 
effects like flying sparks and dramatic 
explosions» You can use the tile map to 
produce larger game fields by putting 
tiles together. 

You can use GDevelop to create pro- 
grams for Windows, Mac OS X, and 
Linux. Additionally, the development en- 
vironment allows for exporting the game 
as an HTMLS application, which runs in 
every browser. The only issue here is 
that you must decide from the beginning 
between a native and a web application. 
The choice you make determines which 
extensions will be available. For exam- 
ple, HTMLS games have to do without 
the particle system. However, they can 
make use of touch screen and multi- 
touch gestures. When generating native 
Linux games, you can make use of a de- 
bugger and a profiler (Figure 3). The 
profiler lets you track down performance 
problems and excessive processor load. 
The Engine comes with the MIT license 
and the development environment itself 
with the GPLv3. 

To date, GDevelop mainly has been 
used to make small freeware games like 
Blazing Inferno of Space [2] - a game 
that is well worth playing. The documen- 
tation consists of an English language 
wiki, which is somewhat verbose but 
also full of tutorials for beginners. Addi- 
tionally, the development environment 
offers countless examples of games. 
Among these is the car race from Figure 
1. There is a joint forum for developers 
and users that answers open questions. 


Gopot 
In February 2014, the Argentinian OKAM 
studio published the complete source 
code for its development environment, 
which it had been using exclusively for 
its own games. Although Godot software 
had already been in use for several 
years, it advanced to Version 1.0 in that 
same year. Further open development is 
taking place on GitHub under the MIT li- 
cense; the sponsor continues to be 
OKAM Studio [3]. 

Godot contains a 2D and a 3D engine 
that you can use simultaneously in a 
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Figure 1: The user interface for GDevelop has a very clean appearance. The individual functions 
are collected in the registry at the upper edge in a ribbon framework. The example shows the con- 


struction of a racing game. 
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Figure 2: You can build the logic just by clicking ar 
procedure plans even with smaller games. 


game (Figure 4). The display formats 
can also be mixed, making it possible to 
do things like place a 3D figure in front 
of a painted 2D background (Figure 5). 
As with GDevelop, the first thing you 
should import into the development en- 
vironment are graphical objects that you 
can arrange in individual scenes. The 
objects form so-called nodes, which the 
game programmer arranges into a hierar- 
chy. A house, for example, would be 
built out of a roof and four walls. The 
concept takes some getting used to, but 
it simplifies the reuse of objects and 
makes it possible to automate some 
things. For example, the programmer 
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ound in GDevelop, but this can lead to confusing 


does not need to separately make each 
wheel move continuously. 

The individual parts of 2D figures, 
such as arms and legs, can be attached 
to one another and animated. This 
would be similar to the animation used 
in the TV series South Park, for example. 
Additionally, the particle system can pro- 
duce nice explosions and other effects. 
The individual graphical objects should 
be organized as needed into layers, 
which permits parallax scrolling. Using a 
tile map editor, you can also quickly 
build 2D levels from individual tiles. 

The 3D engine can import ready-made 
models from popular graphics programs, 
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properties of the 3D objects. 

The 2D and 3D engines have separate 
physics simulators and collision recogni- 
tion, both developed by Godot makers. 
The game developer will not need to 
learn anything new. Instead, it is possi- 
ble to speak to both systems from the 
same interface. Furthermore, Godot ani- 
mates all properties of an object across 
time. This means that the modifications 
can be precisely controlled on a timeline 
using key frames, and Godot computes 
the changes between two key frames. 
This concept will be familiar if you have 
ever worked with Synfig or some other 
animation program. 

Godot offers many pre-assembled but- 
tons, sliders, and lists for creating a user 
interface. You can adapt the appearance 
of the control elements with skins. 
Godot also supports game localization, 
but you will need to deliver translations 
in your own text files. If these possibili- 
ties still don’t meet all of your expecta- 
tions, then you can expand the function- 
ality of the engine with a C++ interface 
so it can do things like execute time-crit- 
ical program code separately. 

The program logic of the game is pro- 
grammed in Godot’s own scripting lan- 
guage called GDScript (Figure 6). The 
code editor offers syntax highlighting to 
highlight the source code and other 
things. It also automatically suggests key 
words with code completion. Game exe- 
cution can be stopped at targeted points 
by setting breakpoints in the code. If de- 
sired, the integrated debugger can jump 
from command to command and show 
current values of all variables with a 
simple key press. The performance ana- 
lyzer delivers information about memory 
and processor load, which can be used 
to optimize the game. Godot can connect 
to version control systems such as Git 


. 
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Figure 5: Godot also makes it possible to develop 3D games that don’t look so rough. As an exam- The games created with Godot run on 
ple, Godot offers the Jump and Run game displayed here. Windows, Mac OS X ,Linux, iOS, An- 
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droid, PlayStation 3, and PS Vita. Both of 
the latter platforms require an expensive 
license from Sony. An export feature for 
HTMLS and Windows phone is currently 
under development. 

At press time, version 1.1, which has 
a completely overhauled 2D engine, an 
improved car-building feature in the 
code editor, and a visual shader editor 
(Figure 7), is the latest release. The doc- 
umentation for Godot has many gaps 
and is available as a GitHub wiki. This 
documentation consists primarily of a 
series of tutorials. 


JMONKEYENGINE 

According to its marketing material, 
jMonkeyEngine is a “cross platform 
game engine for adventurous Java pro- 
grammers” [4]. The engine proper only 
makes it possible to create 3D games and 
is written completely in Java. Suppos- 
edly, the use of Java results in rather 
slow applications. 

The jMonkeyEngine makers promise 
“high performance 3D games that are 
on equal footing with every other en- 
gine.” If you want to convince yourself 
that this is true, you can take a look at 
games like Bang!Howdy [5] or Grap- 
pling Hook [6], which are created with 
the jMonkeyEngine. 

The software development kit (SDK) 
made available by the developers con- 
tains the slightly adapted NetBeans de- 
velopment environment [7] in addition 
to the engine proper. The core of the en- 
vironment consists of a high-perfor- 
mance code editor that can automati- 
cally highlight the source, offer auto- 
matic code completion, and provide a 
small reference for each function which 
appears when typing (Figure 8). 

Additional functions include source 
code cleanup or refactoring, a debugger, 
a profiler, and a connection to the ver- 
sion control systems Git, Mercurial, and 
Subversion. The development environ- 
ment also supports the translation of 
games into other languages. To expand 
the functionality, you can use all of the 
available NetBeans plugins. 

Games that are created completely in 
Java run on Windows, Mac OS X, 
Linux, Android, and on the Ouya con- 
sole. In the coming 3.1 version, jMon- 
keyEngine is supposed to support iOS 
and VR glasses like Oculus Rift. A game 
can be exported as a JAR archive or in 
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the form of an executable program in 
Windows, Mac OS X, and Linux. 

When developing games, you are pri- 
marily working with the source code di- 
rectly. In comparison to the competition, 
the development environment offers 
only a little bit in the way of program- 


ming assistance. For example, an assis- 
tant imports 3D objects created in 
Blender, which can then be arranged in a 
very rudimentary visual editor into a 
complete scene (Figure 9). The jMonkey- 
Engine creators recommend Blender as 
the preferred modeling tool. The devel- 


Figure 6: The GDScript language from Godot is very similar to Python and indicates nested code 
blocks with indentations. 


COMMERCIAL COMPETITION 


Unigine was one of the first commercial 3D engines to officially support Linux [11]. 
Its performance capacity is about that of Unity 3D and Godot. The Unigine corpora- 
tion only distributes a license upon request. You will first need to register even if 
you want only a test version. 


Most commercial Linux games are currently created with Unity 3D [12]. The engine 
supports 2D and 3D environments. The programs developed with Unity 3D run on 
a total of 21 platforms or operating systems and also on devices like VR glasses and 
Oculus Rift. You can use the C#, JavaScript, and Boo programming languages with 
the platform. Box2D makes physics simulations available. 


As with Godot, you can put scenes and animation together via clicking directly in 
the development environment. The integrated asset store plays a part in the suc- 
cess of Unity 3D, because it allows you to sell graphical objects and tools to other 
game programmers. The development environment only runs on Windows or OS 
X. Moreover, many functions can be activated only for a fee, which starts at $75 per 
month. 


GameMaker Studio [13] is likewise only available on Windows. In the past, mostly 
small role-playing and action games were developed with this. You can use it to 
create Linux games after you pay at least $198 to the manufacturer YoYo Games. 


Epic Games and Crytek have adopted a slightly modified version of the Unity 3D 
business model. Their engines represent the upper limit of the performance scale 
and accordingly they also require a lot of learning. The video titled Building Unreal 
Paris [14] delivers an impressive demonstration of Unreal Engine from Epic Games 
[15]. The Cryengine from Crytek is the workhorse in the action game Far Cry [16]. 
The development tools that come with both engines are available only for Win- 
dows except that the tools for Unreal Engine are also available for Mac OS X. Li- 
censing fees must also be paid, which for Crytek means $10 per month. Epic Games 
demands a percentage of the net sales of the game. 
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GAME DEVELOPMENT 


Godot Engine - Pong (*) opment environment also imports Ogre 
a ee : Settings and Wavefront objects. 

Similarly to Godot, you can add indi- 
por Vi o vidual 3D objects to a scene via nodes. 

‘ You can arrange the nodes in a hierarchy 
that makes it possible to build relation- 
ships among the 3D objects. The mate- 
rial properties of the 3D objects come 
from a programmable shader, as is the 
case in Godot as well. If needed, a com- 
ponent named TerraMonkey can create a 
3D landscape from an image with a top- 
ographical map or Highmaps. 

The jMonkeyEngine simulates a wide 
variety of light sources. Techniques like 
screen space ambient occlusion (SSAO) 
conjure up realistic shadows onto the 
screen. Moreover, jMonkeyEngine offers 
a wide array of special effects such as a 
particle system, a smoke and water sim- 
ulation, and light reflection. Post-proces- 
sor filters act on the displayed scenes 
and create effects like fade outs at the 
end of a level. The jMonkeyEngine sup- 
ports keyboards, joysticks, and touch- 
screens as input devices. 


Figure 7: In the new Godot 1.1, the shader is described via nodes instead of with the simplistic You can create menus and configura- 
shader language found in the earlier version. tion windows with the NiftyGUI Java li- 
URL hrie compilgamesnerraind, http:/www.godotengine.org http:/jmonkeyengine.org 
tm: 
License MIT-License/GPLv3 MIT License BSD-License 
Platforms Windows, Mac OS X, Linux, Windows, Mac OS X, Linux, iOS, | Windows, Mac OS X, Linux, An- 
HTML5 Android, PS3, PS Vita droid, Ouya 

Engine 2D 2D and 3D 3D 

Programming lan- graphical (event based) GDScript Java 

guages 

Physics simulation yes yes yes 
| Ragdoll physics no no yes 

Fog simulation no yes yes 

Particle simulation yes yes yes 

Artificial intelligence Path finding no yes 

Collision recognition yes yes yes 

Animation system no yes yes! 

Tile maps yes yes no 

Construction of a GUI no yes yes 

Network connection yes yes yes? 

Localization no yes yes 

Debugger yes yes yes 

Profiler yes yes yes 


1 No visual editor; 2 Client/Server games possible 
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brary [8]. This comes with jMonkeyEn- 
gine for constructing the user interface 
via XML markup or Java code. A Java 
port of the popular Bullet library, jBullet 
[9], controls physically correct process 
flows. It also allows for ragdoll physics, 
which is the correct movement made by 
body parts when in motion. 

You can test the source code for your 
games with the accompanying jUnit 
framework. You can translate the code 
with the MonkeyBrains Engine that was 
developed in a separate project [10]. 
Thanks to the BSD license, every devel- 
oper is permitted to adapt the source 
code for jMonkeyEngine as desired for 
use in commercial projects. 


The documentation consists of an ex- 
tremely large and well-organized wiki, 
which contains tutorials for beginners 
and detailed articles for advanced pro- 
grammers. Several books are available, 
and an open forum can also clear up 
questions. 


CONCLUSION 

GDevelop lets even the non-programmer 
create simple games. In fact, you can click 
together an entire small action game in- 
side an hour. This GCS is suitable there- 
fore for quickly building prototypes. Game 
developers are limited to relatively simple 
2D games. Furthermore, the lists of events 
and actions can easily get messy. 


segore 5e 


jMonkeyEngine. 


Figure 9: 3D objects are arranged in the jMonkeyEngine SDK in the rudimentary scene composer. 
The properties of the selected objects appear in a table on the right-hand side. 


Figure 8: A slightly expanded version of NetBeans supplies the development environment for 
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Godot is well suited for both 2D and 
3D games and is similar to the popular 
Unity 3D, a commercial game platform 
(see the “Commercial Competition” 
box). However, with Godot, you will 
need to learn its scripting language, 
which should be fairly straightforward 
especially for Python users. The func- 
tionality is greater than that of GDevelop 
but does not approach that of jMonkey- 
Engine. 

jMonkeyEngine targets experienced 
Java programmers and has many well- 
known standard components like the 
Bullet Physics simulation. If you have 
not yet worked with NetBeans, you will 
first have to work your way into the 
complex development environment or 
forego its help and integrate the engine 
directly into your program. The project 
gets high marks for its extremely com- 
prehensive documentation. e 


INFO 


1] GDevelop: http:/compilgames. 
net 

2] GDevelop game gallery: http:// 
compilgames.net/#games-gallery 
3] Godot: http:/www.godotengine. 
org 

[4] jMonkeyEngine: http:/ 
jmonkeyengine.org 

5] Bang! Howdy: http://www. 
banghowdy.com/ 

[6] Grappling Hook: http:/ghook. 
speedrungames.com/ 


[7] NetBeans: https:/netbeans.org/ 
features/index.html 

[8] NiftyGUI: hitp:/void256.github.io/ 
nifty-gui/ 

[9] Bullet: http:/bulletphysics.org/ 
wordpress/ 

[10] MonkeyBrains: https:/github. 
com/QuietOne/MonkeyBrains 

[11] Unigine: http:/unigine.com/ 
products/unigine/ 

[12] Unity 3D: http:/unity3d.com/ 

[13] GameMaker Studio: http://www. 
yoyogames.com/studio 

[14] Building Unreal Paris: https:/ 
www.unrealengine.com/ 
showcase/building-unreal-paris 

[15] Unreal Engine: https://www. 
unrealengine.com/ 

[16] Cryengine: http:/www.cryengine. 
com/ 
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o KNOW HOW /nrenacrve PYTHON 


The IPython Notebook environment offers much more than just the interactive execution of Python 
instructions. It can seamlessly integrate documents, programs, and tools with ease. 


|Python Notebook lets you do more than just program 


UPERNAT URAL 


BY MIKE MULLER 


ython has always offered an inter- 

active mode. The IPython Note- 

book environment constitutes an 

extremely multi-faceted and up- 
dated extension [1]. Besides many useful 
tools like direct shell commands, improved 
help functions, and runtime measurement 
for program parts, [Python Notebook con- 
nects source text with graphics, wiki-like 
texts, and everything that HTMLS has to 
offer in one interactive document. Users 
working with Python should not ignore 
the advantages of using Notebook. 


INTERACTIVE NOTEBOOK 

Entering python in the command line 
starts the so-called “Read-eval-print loop” 
(REPL) [2]. REPL delivers a result once a 
code line is entered. IPython, however, of- 
fers a much improved version of REPL. Al- 


though its origins are in the scientific com- 
munity, many sys admins and developers 
should not do without IPython Notebook. 

Using a shell has some disadvantages. 
In addition to the limitation of one entry 
per line, users struggle with the ephem- 
eral nature of the input mechanism, The 
IPython Notebook does offer a command 
history that reaches across sessions so 
that, when restarting, the user can find all 
previously entered commands. Still, IPy- 
thon Notebook is much more convenient 
because it saves all input. The output 
types can include text, HTML, images, 
and even GUI elements. 


GETTING STARTED 
The ipython notebook command starts a 
new browser window when the [Python 


INSTALLATION 


The IPython Notebook works with Py- 
thon2 and 3. There are several ways 
to install the software. If you use pip, 
then typing pip install 
“ipython[notebook]" will do the job. 
If you would like to install other pack- 
ages like NumPy or Pandas, then it is 
a good idea to use the Anaconda dis- 
tribution. The guidelines for installa- 
tion are described on the download 
site [5]. 

Of course, you can also use the pack- 
age manager of your Linux distribu- 
tion. Bear in mind though that your 
distribution will probably pack a sig- 
nificantly older version that may not 
support some of the features pre- 
sented in this article. 


bacho12345, 123RF.com 
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Notebook is installed (see the “Installa- 
tion” box for details). You should select 
New and then Python 3 from the drop- 
down menu to open a new Notebook. 
Figure 1 shows the result. 

The menus make for comfortable op- 
eration. The Kernel menu option indi- 
cates that Notebook is an active client, 
which is connected to a local server run- 
ning on the machine. The software pack- 
ages Tornado [3] and ZeroMQ [4] are at 
work in the background. 

The first task is always to rename the 
file. Click on Untitled and then enter the 
name you have chosen in the window 
that opens. You will then find a 
< name > .ipynb file in the filesystem 
that contains all of the information 
about the Notebook in JSON format. 


Markup WITH MARKDOWN 
The box with the gray background is 
ready for the input of Python com- 
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Figure 1: A freshly installed Notebook. 


mands, but you can also use it to enter 
formatted text. 

To do this, you will need to change the 
box’s type using the drop-down menu at 


the top: Change the option from Code to 
Markdown. Markdown is a very popular 
tool because it is simple and also be- 
cause it lets you use HTML directly if 


LISTING 1: IPYTHON %QUICKREF 


IPython -- An enhanced Interactive Python - Quick Reference Card 


obj?, obj?? : Get help, or more help for object (also works as 
Tobj, 220bj). 


?fo0.*abc* : List names in 'foo' containing ‘abc’ in them, 


‘magic : Information about [Python's 'magic' % functions. 


Magic functions are prefixed by % or %%, and typically take their 


arguments 

without parentheses, quotes or even commas for convenience. Magical line 
commands take a single % and magical cel) commands are prefixed with two %%. 
Example magic function calls: 

alias d 1s -F : ‘d' is now an alias for 'Is -F' 
alias d 1s -F  : Works if ‘alias' is not a Python name 
alist = žalias : Get list of aliases to ‘alist’ 
cd /usr/share : Obvious. Use cd -<tab> to choose from visited dirs. 
%ed?? : See help AND source for magic %cd 
Utimeit x=10 : time the ‘x=10' statement with high precision. 
aetimeit x=2**100 

x**100 

: time ‘x**100" with a setup of 'x=2**100*; setup code is not counted. 


This is an example of a cell magic. 
System commands: 

tcp a.txt b/ : System command escape, calls os.system() 
cp a.txt b/ z after frehashx, most system commands work without ! 
cp ${f}.txt $bar : Variable expansion in magic and system commands 


files = !ls /usr : Capture system command output 


files.s, files.1, files.n: “a b c", ['a','b’.'c'], ‘a\nb\nc' 
History: 
A ju me 8 Or} : Previous, next previous, next next previous input 


-i4, _ih{2:5] : Input history line 4, lines 2-4 


exec _i8l : Execute input history line #81 again 
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Zrep 81 : Edit input history line #81 

HENA : previous, next previous, next next previous output 
_dh : Directory history 

oh : Output history 

Zhist : Command history. ‘Shist -g foo’ search history for 
"foo" 

Autocall: 

tober : f(1,2) # Off by default, enable with %autocal] magic. 
ei Naya : f(1,2) (forced automatic parenthesization) 

f12 com Cah teiaa 
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Remember: Tab completion works in many contexts, not just file names 
or Python names. 
The following magic functions are currently available: 
žalias: 
Define an alias for a system command. 


%alias_magic: 


®autocall: 

Make functions callable without having to type parentheses. 
Sautomagic: 

Make magic functions callable without having to type the initial %. 
Zautosave: 

Set the autosave interval in the notebook (in seconds). 
Zbookmark: 

Manage IPython's bookmark system. 
Zcat: 


Callable object storing the details of one alias. 


Change the current working directory. 


Sclear: 
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necessary. There are three basic rules in 
using Markdown, which if followed, re- 
sult in text with a very satisfactory ap- 
pearance. 
These three rules are: 
1.An empty line indicates a new para- 
graph. 
2.A * indicates a list element. 
3.#, ##, and ### indicate heading levels 
1, 2, and 3. 
Figure 2 shows an example of Mark- 
down text. Additionally, you can use 


the Shift + Enter keys to enter a new 
line. 


PYTHON IN THE BROWSER 

Python code is the core of the IPython 
Notebook. As with an interactive prompt, 
the result for an expression comes back 
when the command is submitted, here 
with Shift + Enter. The numbering for the 
input cell In/1]: corresponds with the re- 
sult in Out{1]: and so on. Syntax coloring 
and automatic indentation are standard. 
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Figure 2: Displaying Markdown text in the IPython Notebook. 
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In [2]: deport sys 
ay 


J Teeter sce 


mtr 


Tyee: module 
String form: <eodule ‘ays’ (bullt-in)> 
bocstring: 


Dynamic objecta: 


exitfune ~- 


stdin -- standard input file object: used by raw_input() and input() 
stdout -- standard output file object; used by the print statesent 
stderr -- standard error object; used for error messages 

By assigning other file objecta (or objecta that behave Like files) 


to these, it is possible to redirect all of the interpreters 1/0. 


This module provides access to sose objects used or maintained by the 
interpreter and to functions that interact strongly with the interpreter. 


argv -- comand Line argunents: argv[0] is the script pathnase if know 


hhandler, assign other functions to replace these. 


Af sys.exitfune exists, this routine is called shea Python exits 
‘Assigning to sys.exitfune is deprecated; use the atexit module instead. 


Figure 3: A question mark brings up Help for an object. 
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Figure 4: Complete access to the command line from IPython Notebook. 


Tab expansion and interactive help offer 
convenience. A question mark immedi- 
ately following the name of the object 
you would like to know more about (e.g., 
sys?) brings up the integrated documen- 
tation and some additional information 
as shown in Figure 3. 


Maxine MaGic 
The [Python Notebook offers many so- 
called magic commands. They always 
begin with the % symbol. The %quickref 
command gives a quick overview, and 
Listing 1 shows an excerpt of the possibil- 
ities. Two important magic command rep- 
resentatives are the %ls and %less com- 
mands. The functionality of these com- 
mands corresponds to the shell com- 
mands of the same name. However, they 
are available independently of the operat- 
ing system and consequently can also be 
used when working in Windows. If the 
magical powers are not strong enough, 
you can use ! to directly execute shell 
commands. Figure 4 shows examples. 
The return values can also be saved in 
Python variables. As a result, the t = !ls 
| grep -i ubuntu call saves the result of 
the grep command in t as a [‘Ubuntu 
User iPython Demo.ipynb'] list. 


Cope GALLERY 

Python has a standard way of represent- 
ing diagrams in the form of matplotlib 
[6]. IPython Notebook supports the di- 
rect output of images. The magic com- 
mand %matplotlib inline turns on the 
required mode. Figure 5 shows the re- 
sult. In this case, the image is only a 
static PNG file; however, several exten- 
sions make it possible to show interac- 
tive diagrams in the notebook. These ex- 
tensions work with JavaScript to interac- 
tively enlarge excerpts. 

The [Python Notebook environment 
can also display tables in an attractive 
way. Objects need only have a _repr_ 
html_Q method. IPython Notebook will 
invoke this method before the usually 
invoked method __repr__(). Figure 6 
shows how a Pandas data frame, which 
has a_repr_html_() method, looks as a 
table. Pandas [7] is a commonly used li- 
brary for fast and extremely convenient 
work with tabular data. 


HELPING HANDS 
The list of attractive qualities for [Python 
Notebook is long. Highlights include the 
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possibility for measuring runtime perfor- 
mance of program parts as well as profil- 
ing. Figure 7 shows how %timeit mea- 
sures how long Python needs to execute 
a line. The % %timeit version works on 
all of the lines in a cell, as do all magic 
commands with two percent symbols. 
The %prun add(1, 1) command is used 
to start the Python profiler, cProfile, 
which shows what resources are con- 
sumed by each function. 

If you would like to figure out how an- 
other version of Python or a completely 
different programming language might 


solve a particular task, you can stay in- 
side the notebook. The % %python2 com- 
mand turns a line into a Python2 pro- 
gram. This lets you try out Python2 code 
in a Python3 notebook. Of course, this 
also works in reverse. Additional lan- 
guages such as Perl, LaTeX, JavaScript, 
and even Fortran are also ready to use 
when a cell is appropriately marked. 
IPython Notebooks can be exported to 
static HTML pages and also to Python 
source text files. The accompanying con- 
verter supports many more formats. You 
can also create lecture slides with IPy- 
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Figure 5: Images are directly displayed in IPython Notebook. 
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Figure 6: The table in HTML format comes from the DataFrame object. 


Ip [15]: Stiseat ms 
100000000 loops, best of 3: 16.9 ns per loop 


Figure 7: Convenient measurements of runtime with one line of code. 
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thon Notebook. This is, of course, a very 
interesting exercise for slides prepared 
for a lecture on Python because you can 
directly test code examples and even 
have syntax coloring available as part of 
the presentation. 


OUTLOOK 

IPython Notebook has supported other 
programming languages in addition to 
Python for a long time. The number of 
supported languages is about 30. All of 
the language independent parts of the 
project are named Jupyter. The IPython 
team is currently focused on building in 
new functionality. The main goals are a 
real-time collaboration capability for de- 
velopers similar to Google Docs. Soft- 
ware creation of GUI input elements is 
also getting lots of attention. Based on 
the speedy rate at which previous devel- 
opment efforts have been completed, 
you can look forward to much new func- 
tionality in the next few years. 


CONCLUSION 

The IPython Notebook deserves the 
name “killer app.” It has become the 
standard tool at scientific conferences 
for tutorials and increasingly also for lec- 
tures. Given its extreme versatility, IPy- 
thon Notebook is also useful for anyone 
working with Python who is seeking a 
lot of payback in exchange for a brief 
training period. 

The environment is highly suitable for 
trying out ideas. You get an immense 
number of benefits if you are looking to 
introduce programming concepts to other 
people. Last but not least, IPython Note- 
book makes it easy for a beginner to start 
programming. It is downright ideal for 
learning the basics of programming. « 


INFO 


[1] Python Notebook: http:/ipython. 
org/notebook.htm! 

[2] Read-eval-print loop (REPL): 
http://en. wikipedia. org/wiki/ 
Read-eval-print_loop 

[3] Tornado: http:/www.tornadoweb. 
org 

[4] ZeroMQ: http:/zeromg.org/ 


[5] Anaconda: http:/continuum.io/ 
downloads 


[6] Matplotlib: Attp:/matplotlib.org/ 
[7] Pandas: http:/pandas.pydata.org/ 
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Both init and systemd can be used to start, monitor, and shut down services on Linux systems, but 
these utilities differ in terms of configuration and operation. 


System V style init and systemd in practice 


WHO'S Boss 


Dejan Radic, 123RF 
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hen it comes to manag- 

ing system services, a 

Linux system adminis- 

trator can choose be- 
tween the classic init [1] and the 
relatively new systemd [2]. These 
utilities form a meeting ground for 
mature technology and new con- 
cepts. 


Post-Boot 

Directly after booting the kernel, a 
service will start and then accom- 
pany the rest of the system’s ongo- 
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ing operation and shut down. 
Throughout, this service is as- 
signed the Process ID 1. 

You can use ps on a running sys- 
tem to determine which program 
executes the administration of ser- 
vices. (See the instructions in the 
“Determining Process 1” box.) 
Whatever the result, you may be 
misled because of a possibly exist- 
ing downward-compatible invoca- 
tion, which may have convinced 
you that init is performing this task 
when it is indeed systemd. 


SYSTEM STATES (INIT) 

On Linux and other related sys- 
tems, a runlevel defines a certain 
system state, which may include 
services that are running (dae- 
mons). 

In Table 1, you will find a list of 
the possible system states. Except 
for S, all of the other states are in- 
dicated with a numerical value 
running from 0 to 6. The runlevels 
between 2 and 5 are not used uni- 
formly by the various distributions. 

You can determine what the de- 
fault runlevel at system start is by 
looking at the beginning of the / 
etc/inittab file. Listing 1 shows a 
relevant snippet. The standard run- 
level of the system, initdefault, is 
indicated in the line beginning 
with id. The default runlevel is 2 in 
the example. 
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The single user mode (si:) must 
have previously finished, except in 
emergency mode due to interrup- 
tions of the boot process. There’s 
an important entry at the end of the 
listing. init executes an automatic 
login for root as a necessary pre- 
condition for operating the system 
in single user mode. 


STARTING SCRIPTS (INIT) 

The init service invokes the start 
and stop scripts belonging to the 
applicable runlevel so that the de- 
sired system state can be estab- 
lished. In Debian based systems, 
such as Ubuntu, you will find the 
scripts under /etc/init.d. 

If you use the package manager 
of your Linux distribution, you will 
find that the scripts have already 
been set up with the installation of 
the service. It is seldom the case 
that you will need to do a manual 
set up. However, if you do find 
yourself needing a script, then you 
should use the files that already 
exist as a model [3]. 

Listing 2 shows the start and stop 
scripts for atd, which are set up by 
the distribution. 

When you modify the configura- 
tion of a service (i.e., a daemon), 
you can manually stop and restart 
the service with this script (Figure 
1). You can also ask about the dae- 
mon’s. To execute the desired ac- 
tion, you should include start, stop, 
and status when you call the script. 


RUNLEVELS AND DIRECTORIES (INIT) 
Each runlevel has its own directory 
where there are links that point to / 
etc/init.d/[SCRIPTNAME]. The link 


TABLE 1: RUNLEVEL 


Action 


Shutdown, powering down, writing buffered data to the disk, terminating network 
connections, synchronization and unmounting the data storage devices from the di- 
rectory tree (sync, umount), possibly disconnecting the power supply 


[ ok ] atd is running. 
root@ZE6:/etc/init.d# 


root@ZE6:/etc/init.d# ./atd stop 

[ ok ] Stopping deferred execution scheduler: atd. | 
root@ZE6:/etc/init.d# ./atd start | 
[ ok ] Starting deferred execution scheduler: atd. | 
root@ZE6:/etc/init.d# ./atd status 


Figure 1: Stop, start, and status inquiry of a service using an init script. 


root@ZE6:~# who -r 
Runlevel 2 
root@ZE6:~# 


DETERMINING PROCESS 1 


Using the correct query, you can deter- 
mine whether the system uses the clas- 
sic init or systemd. By means of the -ax 
option of the ps command, you will get 
the following output even on a com- 
puter managed by systemd. 
~$ ps -ax | head -2 

PID TTY 


STAT TIME COMMAND 


13 Ss 0:01 /sbin/init 
To avoid being misled, you should use 
the -e option so that you get the correct 


results: 


name begins with an S when it 
stands for a start script or with K 
for kill script. 

The alphabetical order deter- 
mines the processing sequence. 
When a service is installed with a 
package manager, its links receive 
appropriate name. When you com- 
pile a service, then you need to fig- 
ure out the order yourself. For ex- 
ample, you must remember a web 
server can only be started once the 
network is already running. In the 


for system administration 


Single user for root, no network access, computer access only via the console, used 


2015-05-24 09:37 


Figure 2: Determining the current and previous runlevels. 


last=S 


~$ ps -e | head -2 


PID TTY TIME CMD 


iri 00:00:01 systemd 


On a system using init, you will get the 
following output: 
~$ ps -e | head -2 


PID TTY TIME CMD 


ug 00:00:00 init 


Using pstree also gives you the correct 
output. 


worst case, you can always name 
your script S99zzzzz. 

The runlevel directories rc0.d, 
rel.d, re2.d, rc3.d, rc4.d, rcS.d, 
rc6.d , and rcS.d are located under / 
etc. In the latest Debian and 
Ubuntu versions, the directories 
rc3.d, rc4.d, and rcS.d have almost 
identical content to rc2.d and are 
not usually used. This is an oppor- 
tunity for the tinkerer; you can, for 
example, create groupings of server 
services. 


Command 


Runlevel 


shutdown -h now, init 0 


inits 


Single user without network access, computer access only via the console 


Multi-user operation with or without network access, with or without graphical user 
interface, depends on settings of the distribution used 


init [2-5], exitin sor 1 


Reboot, reload computer, restart, write buffered data to the disks, disconnect network 
connections, synchronize, and unmount data storage devices from the directory tree 
(syne, umount), restart computer with appropriate boot procedure 
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shutdown -r now, reboot, init 
6 
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ubuntuuser@ubuntuuser-XPS-M1330:~$ sudo systemctl enable netshow.service 
Created symlink from /etc/systemd/system/multi-user. target .wants/netshow. service 


to /etc/systemd/system/netshow.service. 


ubuntuuser@ubuntuuser-XPS-M1330:~$ sudo systemctl start netshow.service 
ubuntuuser@ubuntuuser-XPS-M1330:~$ sudo systemctl status netshow.service 
 netshow.service - Listing of active hosts 


Loaded: 
enabled) 

Active: 

Docs: 

Main PID: 


man: fping(8) 
4077 (netshow.sh) 


CGroup: /system.slice/netshow.service 


loaded (/etc/systemd/system/netshow.service; enabled; vendor preset: 


active (running) since Mon 2015-07-27 11:47:21 EDT; 6s ago 


Esa /bin/sh /usr/sbin/netshow.sh 
079 fping -r © -g 192.168.1.0 24 


Jul 27 11:47:21 ubuntuuser-XPS-M1330 systemd[1]: Started Listing of active h..... 
21 ubuntuuser-XPS-M1330 systemd[1]: Starting Listing of active .... 


Jul 27 11:47: 


Hint: Some lines were ellipsized, use -1 to show in full. 


ubuntuuser@ubuntuuser-XPS-M1330:~$ ff 


Figure 3: Installing a service. 


The script for this example atd is 
located in /etc/init.d. The S1Satd 
link for startup is found in /etc/ 
rc2.d. The links that init calls to 
end this daemon are found in sev- 
eral directories, namely /etc/rc0.d, 
/etc/rcl.d, and /etc/rc6.d. In each, 
the link is named KOlatd. This ac- 
tion is presented more clearly in 
Listing 3. 


INITTAB CONFIGURATION (INIT) 

Note the inittab file is not currently 
used in Ubuntu and hasn't been 
used since Upstart was included in 
Ubuntu 9.10 - Karmic Koala. How- 
ever, old installations and other 
distros still include the inittab, 
even those that have passed on to 
systemd. 


Listing 1: DEFAULT RUNLEVEL IN 
INITTAB 


ol. 

02. 

03. 

04 # The default runlevel, 
05 id:2:initdefault: 

06 


07 # Boot-time system configuration/ 
initialization script. 


08 # This is run first except when booting 
in emergency (-b) mode. 


09 siz:sysinit:/etc/init.d/rcS 

10 

11 # What to do in single-user mode. 
12 ~~:S:wait:/sbin/sulogin 

13). 

14. 

15 
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Therefore, knowing about this file 
is still useful.For the record, the 
inittab file controls what happens 
whenever a system is rebooted or 
forced to change run levels. 

This file has entries in the follow- 
ing form: 


id:Runlevel(s):Action:Command 


o KNOW HOW sysremo works Žž ž ă ă ăžă ă ă SSS 


The first field, id, indicates the 
entry clearly and uniquely. You can 
list one or more runlevels in field 2 
to which the entry should apply. 
When there are several runlevels, 
they must be entered in ascending 
order. See the excerpt in Listing 3 
for the id ca. 

The third field of the entry in / 
etc/inittab tells init how it should 
behave. You will find some of these 
applications in Table 2. 

You have already seen the beginning 
of /etc/inittab in Listing 1. The file con- 
tains additional possibilities for interest- 
ing settings. There is an excerpt from / 
etc/inittab in Listing 4. At the beginning 
of Listing 4, you can see an instruction 
for init telling it to wait for the finish of 
the /etc/init.d/rc script for the indicated 
runlevel. 

You can also see the instruction 
for what should happen when the 
key combination Ctrl+Alt+Del is 
pressed. The computer start is pre- 


LISTING 2: START AND STOP Scripts FOR ATD 


01 #! /bin/sh 
02 #iHf BEGIN INIT INFO 
03 # Provides: atd 


04 # Required-Start: 
fs 


Ssyslog $time Sremote_ 


05 # Required-Stop: 
fs 


$syslog $time Sremote_ 


06 # Default-Start: 2345 


07 # Default-Stop: 016 


08 # Short-Description: Deferred execution 
scheduler 


09 # Description: Debian init script for 
the atd deferred executions 


10 # 

11 #HHE END INIT INFO 

12 # 

13 # Author: 
debian.org> 

14 # 

15 


scheduler 


Ryan Murray <rmurray@ 


16 PATH=/bin:/usr/bin:/sbin:/usr/sbin 
17 DAEMON=/usr/sbin/atd 

18 PIDFILE=/var/run/atd.pid 

19 

20 test -x SDAEMON || exit 0 

al 

22 . /Vib/Isb/init-functions 

23 


24 case "$1" in 


25 start) 


26 log_daemon_msg "Starting deferred 
execution scheduler” "atd" 


27 Start_daemon -p $PIDFILE $DAEMON 
28 Jog_end_msg $? 

29 

30 stop) 

31 Jog_daemon_msg “Stopping deferred 


execution scheduler” "atd" 


32 killproc -p $PIDFILE SDAEMON 
33 log_end_msg $? 
34 


35 force-reload|restart) 
36 $0 stop 
37  $0start 


39 status) 


40 status_of_proc -p $PIDFILE $DAEMON atd 
Ak exit 0 |] exit $? 


Goa), 
43 echo “Usage: /etc/init.d/atd (start|sto 
p|restart|force-reload|status|* 


44 exit 1 


48 exit 0 
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LISTING 3: STARTING SERVICES 
USING ATD 


Within the /etc directory: 
init.d/atd 


rcO.d/KOlatd -> ../init.d/atd 


rel.d/KOlatd -> ../init.d/atd 
re2.d/Sl5atd -> ../init.d/atd 
ne3.d/Sl5atd -> ../init.d/atd 
re4.d/Sl5atd -> ../init.d/atd 
reS.d/Sl5atd -> ../init.d/atd 
rc6.d/KOlatd -> ../init.d/atd 


set for all runlevels except 0 and 6. 
The pf, pn, and po entries specify 
how to handle a power outage in 
the presence of an Uninterruptible 
Power Supply (UPS). 

The block beginning with # Note 
that on most Debian ..... determines 
console activation. The first console, 
ttyl, is activated for the runlevel 1 
with 5. The virtual consoles tty2 and 
tty6 are reserved for runlevels 2 and 
3. In Debian, the graphical user in- 
terface is on tty7. If you need more 
virtual consoles, and if you are 
working on a Debian computer, you 
can begin the setup of additional 
consoles starting with tty8. 


RUNLEVEL AND SERVICE 
ADMINISTRATION (INIT) 

You can find out the current and 
previous runlevels using the com- 


TABLE 2: INITTTAB ACTIONS 
Action 


Specifying standard runlevel 


During the runlevel change 


After terminating the indicated process, the program will be restarted 


Assigning the meaning of the key combination Ctrl+Alt+Del 


ee Ee 
E boot 


xecuted only with system start, not with subsequent runlevel changes 


List of active network users 


192.168.1.100 
192.168.1.162 
192.168.1.104 i 
192.168.1.105 i 
192.168.1.106 i 
192.168.1.109 
192.168.1.110 
192.168.1.111 i 
192.168.1.113 i 


192.168.1.1 is alive 

192.168.1.234 is alive 
'192.168.1.30 is alive 
'192.168.1.80 is alive 


ubuntuuser@ubuntuuser-XPS-M1330:~$ If 


ubuntuuser@ubuntuuser-XPS-M1330:~$ cat /tmp/netlist 


Figure 4: The log created by the service. 


mand who -r (Figure 2). The com- 
mands in Table 3 are used for a 
runlevel change, including shut- 
down and restart of a computer. 
When you use the kill -1 1 com- 
mand, init reads its configuration 
again without restarting the com- 
puter. You can power down the sys- 
tem using the kill -9 1 command. 


SYSTEMD 

In contrast to init, systemd, used 
by Ubuntu as from 15.04 - Vivid 
Vervet, starts services in parallel, 
making the operating system load 
faster. To ensure that this works, 
systemd itself sets up the sockets, 
which the services will use for 
communication once they are 
started. It then buffers any data to 


be handed to a service until the 
service has successfully started and 
can accept them. 

If the service crashes, then sys- 
temd can restart it. All accesses by 
the client applications are buffered 
during the restart and are then pro- 
cessed by the daemon. The sockets 
set up by systemd can be trans- 
ferred to other executing programs. 
These then assume control of the 
sockets. 

It is possible to track processes 
that use cgroups. This feature is a 
kernel function, which collects pro- 
cesses together with their child 
processes into groups with a hierar- 
chical structure. 

A cgroup receives its name from 
the service, and a cgroup is formed 


See also Listing 1. 


For example, for interfaces, terminal 


Waits for the termination of the indicated 


| Command Explanation 
initdefault 
respawn 
windows. 
init 
process. 
ctrlaltdel 


shut down -h or restart (-r) make sense 


shutdown -r now, reboot, init 6 


a 


program 


tem will be powered down 


Executed once when indicated runlevel is reached 


When UPS is present: Process is started upon power interruption 


When UPS is present: No waiting for process termination of the called 


When UPS is present: The UPS reports that batteries are empty, the sys- 


once 


powerwait 
powerfail 


powerfail- 
now 


termination of the called program 


When UPS is present: Power supply established, waiting for process 


power- 
okwait 
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———— 


In preparation for a shutdown, sending 
an alert notification, etc. 
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for each service under systemd. 
This process grouping lets you 
avoid the type of chaos that can 
arise when there are numerous ex- 
ternal processes under one service. 
Additionally, this approach pre- 
vents some of the external pro- 
cesses from surviving when the ser- 
vice crashes. 

Not all of the services necessar- 
ily need to be started at system 
start. Instead, many can be exe- 
cuted when only when they are 
needed for the first time, which 
speeds up the boot process quite a 
bit. For this to happen, it is neces- 
sary to evaluate the activity on a 
network or IPC socket or a FIFO 
buffer. In this regard, systemd 
partly assumes functionality from 
inetd. 

It is possible now to make a lot 
of invocations without being the 
root user. Additionally, systemd 
takes on the administration of 
mounts. It is also possible to take 
snapshots of the state of the sys- 
tem to later restore it if needed. 

The runlevels continue to exist 
in the form of targets. You can fig- 
ure out the purpose of the .target 


LISTING 4: AN EXCERPT OF INITTAB 


s/etc/init.d/re 0 
v/etc/init.d/re 1 
t/etc/init.d/re 2 
sfete/init.d/re 3 
s/etc/init.d/rc 4 


s/etc/init.d/re 5 


s/etc/init.d/re 6 


08 # Normally not reached, but fallthrough in 
case of emergency. 


09 26:6:respawn:/sbin/sulogin 
10 
11 # What to do when CTRL-ALT-DEL fs pressed. 


12 ca:12345;ctrlaltdel:/sbin/shutdown -t1 -a 
-r now 


14 # Action on special keypress (ALT-UpArrow). 


15 #kb::kbrequest:/bin/echo “Keyboard 
Request--edit /etc/inittab to let this 


work.” 


17 # What to do when the power fails/returns. 
18 pf::powerwait:/etc/init.d/powerfail start 


19 pn: :powerfailnow:/etc/init.d/powerfail now 
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root@ze7 :~# systemctl stop postgresql@9.4-main.service 

root@ze7 :~# systemctl disable postgresql@9.4-main.service 

ved symlink /etc/systemd/system/multi-user .target .wants/postgresql@9.4-main. 
rvice. 

root@ze7 :~# systemctl mask postgresql@9.4-main.service 

reated symlink from /etc/systemd/system/postgresql@9.4-main.service to Jeeu (rast 


root@ze7 :-# systemctl status postgresql@9.4-main.service f 
postgresql@9.4-main.service l 
Loaded: masked (/dev/null) 

Active: inactive (dead) since Fr 2015-05-29 22:34:00 CEST; lmin 14s ago 

Main PID: 586 (code=exited, status=0/SUCCESS) 

jroot@ze7 :~# 

root@ze7:-# systemctl unmask postgresql@9.4-main.service 

moved symlink /etc/systemd/system/postgresql@9.4-main.service. l 
iroot@ze7 :~# systemctl enable postgresql@9.4-main.service 

reated symlink from /etc/systemd/system/multi-user.target.wants/postgresql@s .4- 
in.service to /lib/systemd/system/postgresql@.service. 

root@ze7 :~# systemctl start postgresql@9.4-main.service 

root@ze7:-# systemctl status postgresql@9.4-main.service 
postgresql@9.4-main.service - PostgreSQL Cluster 9.4-main 

Loaded: loaded (/Lib/systemd/system/postgresql@. ervice; enabled) 

Active: active (running) since Fr 2015-05-29 22:36:04 CEST; 21s ago 

Process: 26376 ExecStart=postgresql@%i %i start (code=exited, srat oen 


) 
Main PID: 26382 (postgres) 
CGroup: /system.slice/system-postgresql .slice/postgresql@9 .4-main.service i 

26382 /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresq... 
26384 postgres: checkpointer process 
26385 postgres: writer process 
26386 postgres: wal writer process 
26387 postgres: autovacuum launcher process 
26388 postgres: stats collector process 

root@ze7 :~# J 


Figure 5: Working with systemctl. ; 


files from their names - for exam- 
ple, in halt.target, which powers 


scripts for administration of ser- 
vices, known as RC scripts, are 


down the system. supported. 
As with Upstart, systemd ignores 
the /etc/inittab file. However, the CONFIGURING SERVICES AND 
RESOURCES (SYSTEMD) 


The directions for configuring and 
executing services are stored in so- 


20 pos :powerokwait:/etc/init.d/powerfail stop called units. These are interchange- 


21 
22 # /sbin/getty invocations for the ListiNG 5: A UNIT FILE FOR AT 
runtevels. 
01 [Unit] 
23 # 
02 Description=Deferred execution scheduler 
24 i The "id" field MUST be the same as the 
03 Documentationeman:atd(8) 
last 
04 
25 # characters of the device (after "tty"). 
05 [Service] 
26 # 
06 ExecStart=/usr/sbin/atd -f 
27 i Format: 
07 IgnoreSIGPIPE=false 
28 # <id>:<runlevels>:<action>:<process> 
08 
29 it 
09 [Install] 
30 # Note that on most Debian systems tty7 is 


used by the X Window System, 10 WantedBy=multi-user.target 


31 # so if you want to add more getty's go 
ahead but skip tty7 if you run X, 


32 # 
33 1:2345:respawn:/sbin/getty 38400 ttyl 


RUNLEVEL CHANGE 


Init = Commands 


TABLE 3 


34 2:23:respawn:/sbin/getty 38400 tty2 init 0, shutdown -h now, halt 


35 3:23: respawn: /sbin/getty 38400 tty3 


Ea 
ea init 1 
init [2-5] 


le | init 6, shutdown -r now, reboot 


36 4:23:respawn:/sbin/getty 38400 tty4 
37 5:23: respawn:/sbin/getty 38400 tty5 


38 6:23:respawn:/sbin/getty 38400 tty6 
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ably named units or services. The 
various unit types are described in 
Table 4. The individual configura- 
tion files exist as plain text and are 
structured like INI files. Thus, it’s 


LISTING 6: NETSHOW.SH 


01 #! /bin/sh 


02 while true; 


03 do 


05 echo “List of active network users" > / 
tmp/netlist 


--" >> /tmp/netlist 


07 date +%d.%m.%Y-%H:%M:%S >> /tmp/netlist 


--" >> /tmp/netlist 


10 # Execute fping and save entire output 
in jog file 


12 fping -r 0 -g 192.168.0.0/24 > fping.1og 
2>81 


14 # Change 192.168.0.0/24 to whatever works 
for your network 


16 # Filter out the unreachable hosts 


18 cat fping-log | grep "alive" | sort >> 
/tmp/netlist 


19 echo "---------------=----+-+2-----=27-- 
--" >> /tmp/netlist 


20 sleep 120 


21 done 


„automount 


possible to edit them with any text 


editor. 

Continuing from the example I 
used previously in the section on 
init, for the at daemon, you will 
find the structure of a typical unit 
file in Listing 5. 


These files and links to them are 


always stored in /lib/systemd so 


that they are accessible when boot- 


ing. In the case of Debian and 
Ubuntu, you will find additional 


unit files stored in /usr/lib/systemd 


LISTING 7: NETSHOW.SERVICE 


0 


Cunit] 

02 Description=Listing of active hosts 
03 Documentation=man:fping(8) 

04 

05 [Service] 

06 ExecStart=/usr/sbin/netshow.sh 

07 IgnoreSIGPIPE=false 

08 

09 {Install} 

1 


WantedBy=multi-user.target 


Listing 8: STORING Logs Usine 
JOURNALD 


01 [Journal] 


02 Storage=persistent 


Configures a mount point for automatic mounting of a data storage device. 


. Modified unit files are located in / 
etc/systemd/system. Files that the 
system created at runtime are lo- 
cated in /run/systemd/system. 

If you want to create or modify 
your own service unit files, you can 
copy files your want to modify from 
/lib/systemd/...../ to /etc/systemd/ 
system/. You can also save new unit 
files there. However, it is not a 
good idea to ever save modified or 
new unit files in /lib/systemd/ be- 
cause they will be overwritten dur- 
ing updates of systemd. 

The unit files have various sec- 
tions which contain specifications 
and assignments. Table 5 shows a 
large selection; the entire list can 
be found in the manpages [4]. A 
unit file will contain only one sec- 
tion in addition to [Unit] and, if 
necessary, [Install]. 


fs- fuse-connections mount static 
-kernel-config. mount 


‘sa-restore.service 
\lsa-state.service static 
\lsa-store,service static 
Isa-utils service masked 
ron-resume.service enabled 


otlogs.service 
Service masked 


Figure 6: List of all unit files. 


device The device intended for administration under systemd and that exists in the device tree of udev. 
«mount The definition of a mount point administered by systemd and created by the fstab generator. 
path Starts additional services when objects in the indicated path have been modified. 
.scope Are automatically created by systemd, and assist with the administration of system processes. 
„service Information about processes 

—— 
„slice Assists the resource administration of processes, is connected with the Linux Control Group Nodes. 


.snapshot Makes it possible to restore the system state during a session that existed before a change. 


«socket Describes a network, IPC socket or FIFO buffer, which systemd uses for a socket based activation. It always belongs 
to a.service entry that is triggered by activity on the socket. 

.swap Specifications for external swap space using a device or file. 

„target Bundling of several units into a synchronization point, previously referred to as runlevel. 

„timer Sets a timer for a delayed or scheduled activity 
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TABLE 5: SECTIONS AND SPECIFICATIONS IN UNIT FILES 
Unit Action 


Contains descriptions of and dependencies on other units. 


Description= Short description, states the functionality. 


Documentation= | Lists the manpages and where to find further information. 


Requires= The units referred to here need to be active beforehand or simultaneously or starting the unit with this entry will fail. 
Wants= Similar to Requires, these are necessary units that could not be activated but don’t interfere with the start. 
BindsTo= Similar to Requires, terminates the current unit when the indicated units are no longer active. 

Before= The units indicated here are started after or at the same time as the current unit. 

After= The units indicated in here are started before the current unit. 

[Install] This section is read by the sysctl program for the enable or disable specifications during the work with the 


current unit. systemd does not need this section. 


WantedBy= During execution of systemct! enable, symbolic links are set in the /etc/systemd/. .target.wants directory 
pointing to /lib/systemd/..... If not already present, the .target.wants directory is created under /etc/systemd/. 

Also= The calls sysctl enable and sysctl disable both process the units listed here. 

RequiredBy= This is where dependencies are stated. If these are not available then sysctl cannot enable the current unit. In 
case of success, a .requires unit is saved to /etc/systemd/..... 

Service Start configuration for services. 

Type=simple The call given for ExecStart is the main process for the indicated service. 

Type=forking The call indicated by ExecStart terminates after the start has been successfully completed. The child pro- 


cesses run as main processes. 


Type=oneshot As with simple, the next units are called after the end of the process which has been started. This is standard 
behavior when neither a Type= nor a ExecStart specification exist. Example: creating or cleaning directories. 


eee cee 
Environment= Variable definitions. 


ExecStart= Indication of the service to be started, if necessary with indication of the path and the variables set with Envi- 
ronment. 


ExecStop= 
Restart= 


Commands to stop a service which starts with Type=oneshot 


— 
Indicates whether the service has to be restarted after its process has terminated or it is in timeout. If the pro- 
cess is terminated by systemad, it has no effect. 


Restart=no The service does not restart. 


Restart=always | Restart independently of the exit code of the process. 


L 


Specifies the filesystem. 


Mount options (rw, ro, etc.). 


Specifies a filesystem path which can be monitored by systemd. 


Checks to see whether the path exists. 


Monitors modification to the given path. 


The unit to be activated. 


TABLE 6: RUNLEVEL TARGETS 
Init Runlevel | Action 3 


lo | poweroff.target Power and shut down computer 


rescue.target Single user mode without network 


multi-user.target Multi-user mode on 


Ea (As above - In Debian 7 corresponds to runlevel 2) 


(As above) 


init [2-5], exitin sor 1 


Multi-user, network, graphical user interface) 


Will be output as 5 with who -r 


reboot.target Restart computer 


Additionally, there are more targets which can more precisely divide the system states. 
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TABLE 7: SYSTEMCTL OPTIONS 


WIT/SERVI 


make startable enable UNIT 
make non-startable disable UNIT 
for enable/disable: Immediately start/stop service --now 

| start start UNIT 
stop stop UNIT 
restart restart UNIT 
read configuration again reload UNIT 
Status inquiry status UNIT 
masking, for special characteristics see section mask UNIT 
above 
unmask (for special characteristics see section unmask UNIT 


above) 


Show help for unit help UNIT 


all unit files and their status list-unit-files 


all units list-units 


mounts -t mount 


automounts -tautomount 


services -t service 


devices -t device 


sockets -t socket 


targets -t target 
bus name -t busname 
swap space -t swap 
timer -t timer 
paths -t path 


-t slice 


slices 


scopes -t scope 

snapshots -t snapshots 

k 

dependencies list-dependencies UNIT-FILE 


failed units --failed 


list-machines 


containers 


enabled? is-enabled SERVICE 


poweroff 


restart reboot 


power down and shut down 


single user mode, system maintenance rescue 

suspend mode suspend 

switch runlevel isolate TARGET 

list unit file cat UNIT 

list all properties show UNIT F) 
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TABLE 8: JOURNALCTL - IMPORTANT 
OPTIONS 


Running display 


RUNLEVELS AND TARGETS 


The runlevels continue to exist in 
the form of corresponding targets. 
However, they differ by distribu- 
tion. The entries here originate 
from a Debian 8, but are more or 
less the same in Ubuntu. Table 6 
contains a list of comparisons. 


Your Own SERVICE (SYSTEMD) 

After all that theory, I’ll now show 
how to create your own systemd 
service. The shell script in Listing 
6 collects a list of the hosts found 
on the network at a given interval. 
It is saved in executable form 
under /usr/sbin. You will be able 
to see the results using tail -f / 
tmp/netlist. txt. 

You should first create the shell 
script shown in Listing 6 and save 
it in the /usr/sbin directory as net- 
show.sh (for it to work, you may 
have to install fping first using 
apt-get). Remember to make it exe- 
cutable with 


sudo chmod 700 netshow.sh 


so that systemd can start the pro- 
gram. Then, save the unit file net- 
show.service (Listing 7) in /etc/sys- 
temd/system. 

Now systemd must be instructed 
to process the unit file and start 
the application. To do so, the ser- 
vice must be enabled with sysctl in 
order to establish a permanent 
start: 


sudo systemct] enable netshow.service 
In the process, the required sym- 
bolic link will be created in the 
target directory multi-user.target. 
You then start the service with 


the following command: 


sudo systemct] start netshow.service 
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root@ze7:~# systemctl list-units --all --type=mount 


UNIT LOAD ACTIVE SUB DESCRIPTION 
- mount loaded active mounted / 
dev -hugepages . mount loaded active mounted Huge Pages File System 
dev -mqueue . mount loaded active mounted POSIX Message Queue File System 
proc-sys-fs-binfmt_misc .mount Loaded inactive dead Arbitrary Executable File Formats 
run-rpc_pipefs.mount loaded active mounted /run/rpc_pipefs 
run-user-1000.mount loaded active mounted /run/user/1000 
run-user-117.mount loaded active mounted /run/user/117 
sys-fs-fuse-connections.mount Loaded active mounted FUSE Control File System 
sys-kernel-config.mount loaded inactive dead Configuration File System 
sys-kernel-debug.mount loaded active mounted Debug File System 
tmp .mount loaded inactive dead Temporary Directory 

> var-Lock .mount not-found inactive dead var-lock .mount 

|) var-run.mount not-found inactive dead var- run .mount 

LOAD = Reflects whether the unit definition was properly loaded. 

ACTIVE = The high-level unit activation state, i.e. generalization of SUB. 

SUB = The low-level unit activation state, values depend on unit type. 


13 loaded units listed. 


To show all installed unit files use 'systemctl list-unit-files'. 


>) 


Figure 7: Filtered list of unit files by type. 


[HL /sbin/init 
f-system.slice 
vahi-daemon.service 


9 avahi-daemon: chroot helpe 
lev-sda5 .swap 
us Service 


lodemManager .service 
L426 /usr/sbin/ModemManager 
ron.service 
(427 /usr/sbin/cron -f 
rc-local.service 
fs-common.service 

09 /sbin/rpc.statd 

23 /usr/sbin/rpc .idmapd 
run-user-117,mount 
ystemd-modules-load.service 
run-rpc_pipefs .mount 
xim4.service 
L949 /usr/sbin/exim4 -bd -q30m 
ache2.service 
504 /usr/sbin/apache2 -k start 


9 avahi-daemon: running [ze7.local 


L449 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile 


SYSTEMD FUNDAMENTALS 


Knowing a few rules can make 
working with systemd straightfor- 
ward and successful. Here are some 
important things to remember: 

e A unit must be enabled so that 
you can start it manually or au- 
tomatically. 

e A unit must be disabled so that it 
cannot be started again. 

e A unit, or a non-modified unit 
file you created on your own, 
should be masked to protect it 
from inadvertently being en- 
abled. 

e You should move a unit which 
has a service file in /etc/sys- 


Figure 8: A process tree presented with systemd-cgls. 


NAME STATE 
ze7 (host) running 


1 machines Listed. 
root@ze7 :~# J 


root@ze7:~# systemctl List-machines -1l 
FAILED JOBS 


0 0 


temd/system up one directory 

level. This ensures the file 

against inadvertently being en- 

abled. 

A masked unit can only be re-en- 

| abled if it is unmasked before- 
hand. There is no unit file in / 
etc/systemd/system. 

è You should copy or move a file 
that you have created or modi- 
fied to /etc/systemd/system. 


Figure 9: Listing of a container. 
You can check to see whether the 
service is running with the follow- 


ing command: 


systemct] status netshow.service 
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You can see the entire installation 
procedure in Figure 3. 

Additionally, the outcome of the 
executing service can be found in 
Figure 4. 


When masking a unit, a link 
pointing to /dev/null will be saved 
in the target directory. This indi- 
cates to systemd that the unit file 
with this designation should not 
be considered. A concrete exam- 
ple is provided in the following 
section. 


UBUNTU USER + WWW.UBUNTU-USER.COM 


Senices ~ | O inactive too x Peload configuration || Take Snapshot | | | 
(oad State ActiveState Unit State Unit 
iaaea ace emea systemausersessions.serice 
loaded active running dbus.service 
loaded active running avahi-daemon. service 
loaded active eted speech-dispatcher serice 
loaded active running eximé.service 
loaded active running wicd.senice 
loaded active ented darkstat.service 
loaded active ented saned.semice 
loaded active running x2goserverserice 
loaded active running apachez.serice 
loaded active ated postgresql service 
loaded active running postgresqi@9.4-main.service 
loaded active running cups-browsed.service 
loaded active running sshserice 
loaded 


‘ModemManager. service 


id: 
Description: 
Dependencies: 

wi 


sic.target(active) 
em.slice(active) 


(active), system.slice(active), systemdjournald. socket(running) 
before: muiti-usertarget(active), shutdown.target(dead) 


Fragment Path: fib/systemd/systenvatd service 
Control Group: n/a 
Loadstate: loaded 


Active State: active Activated: Sa, 30 Məl 2015 21113143 Can Start/Stop: Yes 
Unit State: running Deactivated: næ Can Reload: No 
| san Stop Restart 
po — 


Figure 10: Status notification with systemadm. 


ADMINISTRATION WITH SYSTEMCTL gram for controlling systemd, the 


Now that you have become ac- most important options are listed 
quainted with the systemctl pro- in Table 7. 


ip 


Each issue delivers technical 
solutions to the real-world 
problems you face every day. 


Windows, Linux, Solaris, and popular 


varieties of the Unix platform. KILO TALK 


Learn the latest techniques for 
better network security, system 


fedora 22F 


Fault Tol 
Router 


E Creating a redundant 
ADMIN magazine covers array of inexpensive links 


It is possible to fine-tune many 
options with additional entries. It 
is not possible, however, to list all 
of these within the confines of this 
article. The following examples 
provide a lot of information for ev- 
eryday use. 

Figure 5 is a complete example 
of how to terminate and mask a 
service, PostgreSQL-RDBMS, and 
then how these measures are re- 
versed. 

The unit file is not in /etc/sys- 
temd/system. You will find all of 
the processes belonging to the ser- 
vice for the status request system- 
ctl status ..... Additionally, the sta- 
tus itself and its lifetime is indi- 
cated. You can receive a listing of 
all unit files with systemctl 
list-unit-files (Figure 6). 

Alongside the states discussed 
previously (enabled, disabled and 
masked), you will also find the 
state static. In this state, the unit 
file is not enabled, but it has no 
pertinent instructions in its [In- 
stall] section. Therefore, it cannot 


ADMIN 


Network & Security 


-L What's new in the latest 
version of OpenStack 


Security on IPv4 Networks 


Packet 


: mirror Analysis 
management, troubleshooting, esi script for autoconfguring invirtual 


performance tuning, virtualization, \ isha 
cloud computing, and much more! Microsoft's 


Azure cloud 


(0) 


Kubernetes Apache Mesos 
Simplifying life Compute cluster 
with Docker for the data center 


root@ze7:~# journalctl -u apache2.service 
-- Logs begin at Sa 2015-05-30 18:33:53 CEST, end at Sa 2015-05-30 21:39:01 CEST. -- 
Mai 30 18:34:04 ze7 apache2[434]: Starting web server: apache2AHO0557: apache2: apr_sockaddr_info_get() failed for 


Mai 30 18 


apache2[434]: AH00558: apache2: Could not reliably determine the server's fully qualified doma 


Mai 30 18 apache2[434]: . 
h 30 19: apache2[18489]: Stopping web server: apache2. 
=- Reboot 
lai 30 19; apache2[433]: Starting web server: apache2AH00557: apache2: apr_sockaddr_info_get() failed for 
Mai 30 19: apache2[433]: AH00558: apache2: Could not reliably determine the server's fully qualified doma 
Mai 30 19; apache2[433]: . 
Mai 30 19: apache2[4233]: Stopping web server: apache2. 
=- Reboot -- : = 


Figure 11: Journal inquiry for apache2.service. 


be controlled by systemctl for a va- 
riety of reasons: The particular 
unit might be referenced by other 
units, such as .wants, .requires. 
Another reason could be that the 
unit should be activated via a 
socket, timer, D-Bus, or udev. 

It is possible to refine your state 
requests by including more condi- 
tions, for example --state. Fre- 
quently, it is easier to filter with 
grep. If, as in the example given, 
you would like to list only the 
masked unit files then you can use 
the following command: 


systemet] list-unit-files | grep masked 


You can also filter according to the 
type of unit file (Figure 7). The 
call 
systemct] list-units --type=mount 
lists all units of the Mount type. 
By the way, systemd without any 
arguments lists all of the units that 
have been started after the boot 
process. 


LISTING PROCESSES (SYSTEMD) 
The administration via systemd 
puts each service into its own ker- 
nel control group or cgroup. This 
lets you determine, at a glance, 
which processes belong to which 
unit. 

You will find a tree view similar 
to the one in pstree (Figure 8). 


CREATING A CONTAINER (SYSTEMD) 
You can create containers with the 
systemd-nspawn instruction. This 
topic is too big for the space restric- 
tions of this article, so that subject 
matter receives only a mention here. 
Containers can be queried with the 
following command: 
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systemct] list-machines 
See Figure 9. 


ADMINISTRATION WITH SYSTEMADM 
(sYSTEMD) 

This GUI program, available on 
Ubuntu via the systemd-ui package, 
makes it possible to quickly and 
easily administer systemd and the 
services [5][6]. 

The interface is self-explanatory 
and the operation itself takes little 
getting used to. Figure 10 shows a 
status request. 


SYSLOG VS, JOURNALD 

Now that you are using systemd 
for your services, you should also 
use systemd-journald instead of 
syslog. This can be handled as you 
prefer. For example, you can 
change from syslog to systemd- 
journald or vice versa. 

When you use journald, the log 
data will only be saved during run- 
time. You can modify the configu- 
ration by changing entries in /etc/ 
systemd/journald.conf. By using 
the setting Storage = persistent you 
can permanently save the journal 


INFO 


in /var/log/journal. You should 
limit the size of the log with some- 
thing like SystemMaxUse = 100M. 
Listing 8 shows all of the items in 
this file that have been modified. 
Note that the log files from sys- 
temd/journald are not searchable 
with customary text tools like find, 
grep, etc. You will need to use 
journatctl. 

To see the logs using journalctl, 
you can enter the command with- 
out any other option and the pro- 
gram will list a complete journal. 
Table 8 contains some filtering 
possibilities. 

Figure 11 shows a journal request 
that was limited to one service, 
apache. 2service. 


CONCLUSION 

Now you know quite a bit about 
both control programs for starting 
the systems and services. If you 
are familiar with SystemV Init, 
then the switch to systemd may 
take some getting used to. The 
work you invest will pay off, 
though, because many more possi- 
bilities for configuration are wait- 
ing for you. e 


[1] Init: https:/wiki.archlinux.org/index.php/SysVinit 


[2] Wiki for systemd from Arch Linux: https:/wiki.archlinux.org/index.php/ 


Systemd 


[3] Introduction to creating Init scripts: http://refspecs.linuxbase.org/LSB_3.1.0/ 


LSB-Core-generic/LSB-Core-generic/initsercomconv.html 


[4] Manpages on freedesktop.org: http://www. freedesktop.org/software/systemd/ 


man/ 


[5] Handbook for the SUSE Enterprise Desktop 12: https:/www.suse.com/ 
documentation/sled-12/singlehtml/book_sle_admin/book_sle_admin.html 


[6] Handbook for SUSE Enterprise Server 12: https://www.suse.com/ 
documentation/sles-12/book_sle_admin/data/cha_systemd.html 
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lf you don't have the right tools, comparing PDF documents for differences can be very 
cumbersome. We discuss five nifty tools that can help with this task. 


Finding differences in PDF documents 


LOOKING FOR TRACE 


BY FRANK HOFMANN 


he portable document format, 

or PDF, has become indis- 

pensable as a way to exchange 

data across various platforms 
and operating systems. This is espe- 
cially true for documents that 
should be readable but not easy to 
modify. 

In this article, I will examine how 
to determine whether two PDF doc- 
uments are identical and, if they are 
not, how to find what differences in 
content and appearance exist. In 
particular, I will look at five pro- 
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grams including MdSsum [1], Pdf- 
totext [2], Pdfdiff [3], Comparepdf 
4] and DiffPDF [5], all of which 
can be found in the Ubuntu reposi- 
tories and that of most over distri- 
butions. 


COMPARING FILES 

Md5sum can be found on every 
Linux system. In Debian GNU/ 
Linux and Ubuntu, you will find it 
in the coreutils [6] package. The 
rimary purpose of MdSsum is to 
generate 128-bit long hash values 
based on the MD5 method. In sim- 
plified terms, this type of hash 
value corresponds to the digital 
fingerprint of a data set. 


ListinG 1: COMPARE HASH VALUES 
$ md5sum Debian-20150207. pdf 
Debian-20150208.pdf Debian-20150209. pdf 


6d997a79b970eb8526F0d1662F740b45 
Debian-20150207 . pdf 


5f91ffc412d95e3436faceb2e772e0el 
Debian-20150208.pdf 


6d997a79b970eb8526f0d1662f740b45 
Debian-20150209.pdf 


LISTING 2: COMPARE EXTRACTS 


$ pdftotext filel.pdf 


$ pdftotext file2.pdf 


$ kdiff3 filel.txt file2.txt 
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Hence, you can use Md5sum to 
generate a hash value for each of 
two PDF documents. Then, you 
should compare the two results. 
Right away, it will be clear whether 
the documents are identical. If they 
are, then the two hash values will 
match just like Debian-20150207. 
pdf and Debian-20150209.pdf match 
in Listing 1. 

This method will help you deter- 
mine whether differences exist be- 
tween files, but it does not help 
you determine how the files differ. 
Therefore, in the example of De- 
bian-20150208.pdf, you would not 
be able to tell how this document is 
distinct from the other two. 

The tools Pdftotext and KDiff3 
can help you answer this question. 
You will find Pdftotext in the De- 
bian packages as part of poppler- 
utils. KDiff3 [7] belongs to the KDE 
suite. 

Pdftotext lets you extract the con- 
tent from a PDF document, which 
technically means the program ex- 
tracts text but disregards graphical 
elements. The name for the Pdfto- 
text output file derives from the 
name of the original file except that 
the .txt suffix is used. 

The extracts from two documents 
can then be compared using KDiff3, 
which neatly displays any differ- 
ences in highlighted form alongside 
one another. Listing 2 summarizes 
the procedure with all three invoca- 
tions together. 

After you have invoked KDiff3, 
giving the text files to be compared 
as parameters, you will see that 
content present only in the first file 
appears in green print, and that 
content present only in the second 
file appears in blue. 

Identical content appears in 
black print on a white background 
(Figure 1). The bar found on the 
right edge of the window is very 
useful. It identifies the sections in 
which the differences appear. 
Clicking on the bar takes you to 
the corresponding location in the 
text. 

If the three invocations in Listing 
2 prove too cumbersome for what 
you have in mind, then you might 
consider using Pdfdiff and Com- 
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Figure 1: An example of using KDiff3 to perform a direct comparison of two text files. 
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Figure 2: DiffPDF is the graphical version of Comparepdf and offers a well-designed user interface. 


parepdf. Both tools combine these 
individual steps. To compare con- 
tent for any differences, 

Pdfdiff utilizes the first diff pro- 
gram that it finds on your system, 
which depends on the distribution 
and desktop. So, for example, it 
might find KDiff3 or also Meld [8]. 


DırFPDF 

DiffPDF, found as the diffpdf pack- 
age on Debian, is the graphical ver- 
sion of Comparepdf, both of which 
come from the same development 
team. The tool is based on the 
graphics library of Qt as well as 
Poppler and has a convenient and 
fairly well-designed user interface 
(Figure 2). 


The documents sit in the left and 
the middle columns for purposes of 
comparison. DiffPDF color-codes 
all text fragments that have been 
changed or were moved to a differ- 
ent place on the same page. The 
program compares the documents 
page by page. You will also see a 
colored bar on the left margin of 
the document that visually marks 
the difference. 

The user options for this bar in- 
clude intensity, width, and hue - 
all of which you can tailor to your 
liking via the Options button. 

Two buttons sitting above the 
page view are used for selecting 
files. The entry field next to the 
buttons is used to specify which 
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pages DiffPDF should compare. In 
Figure 2, the page numbers shown 
in the field range from 1 to 460. If 
the two files show a different num- 
ber of total pages, then DiffPDF 
will usually take the smaller value 
as the upper limit. 

You will be able to see the num- 
ber of pages that contain discrepan- 
cies in the output field of the right- 
hand column. Figure 2 shows that 
discrepancies occur in 200 out of 
460 pages compared. 

The right-hand column of the 
user interface contains several 
other buttons, which are used for 
navigation. Options include the de- 
fault setting of a word-by-word 
comparison mode, character-by- 
character mode, and a visual com- 
parison. This last setting leads to 
an optical comparison which also 
includes illustrations. 

The view button is used to switch 
back and forth between pages that 
contain differences. The page num- 
ber for each of the pages within the 
respective document as well as the 
number of discrepancies that occur 
on the page are listed in the view 


Figure 3: DiffPDF collects all of the differences it discovers together in a report. 


mode. The arrow buttons scroll for- 
wards and backwards through the 
pages. 

By using the entry field enlarge- 
ment, you can control the presenta- 
tion of the pages you are compar- 
ing. This option is especially help- 
ful with smaller display screens 
when the user wants to quickly find 
out what the comparison looks like. 

The six buttons at the bottom of 
the right-hand column let you initi- 
ate the comparison, specify options 
for display, show program status 
information, open the integrated 
help, and close DiffPDF. 

The Save as button helps you dis- 
play a useful summary of changes 
(Figure 3). The resulting output 
document contains all of the differ- 
ing pages together with highlighted 
sections. This saves you the trouble 
of going through documents page 
by page to locate the pertinent dif- 
ferences. 


CONCLUSION 

The tools presented here make 
modifications and differences in 
PDF documents more apparent and 
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easier to access. Note that using 
these tools to compare PDF docu- 
ments is typically successful only 
when the data in the documents is 
presented in text form. Otherwise, 
you will need to compare the docu- 
ments visually, which may mean 
that some details are missed. « 


INFO 


[1] GNU Coreutils: http:/www.gnu. 
org/software/coreutils/ 
Pdftotext (Poppler utils — Debian 
package): https://packages. 
debian.org/wheezy/poppler-utils 
Pdfdiff: http:/www.cs.ox.ac.uk/ 
people/cas.cremers/misc/pdfdiff. 
html 

Comparepdf: http:/www.qtrac.eu/ 
comparepdf.html 

DiffPDF: http:/Awww.qtrac.eu/ 
diffpdf.htm! 

Coreutils (Debian package): 
https://packages.debian.org/ 
wheezy/coreutils 

KDiff3: hitp:/kdiff3.sourceforge. 
net/ 


Meld: http:/meldmerge.org/ 


[2] 


[3] 


[4] 
[5] 


[6] 


17] 


[8] 
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CREATE Your Own E-Book ————————— 


In the past, publishing a book meant sending it to a publishing house. With Amazon's CreateSpace 
and Kindle Direct Publishing, you can now publish on your own. This article will guide you through 


the process. 


SELF-MADE 


BY DR. KARL SARNOW 


efore a book can appear in 
printed or electronic form at a 
book supplier, it must go 
through several steps. To 
begin, the process requires a manu- 
script; the author creates the book 
using a text editor that later becomes 
the basis for publication. Next, sub- 
mitting the manuscript as a file to a 
publishing house involves the time- 
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consuming work of an editor to create 
a well-formatted and publishable doc- 
ument from the writer’s jumble of 
text. 

If you prefer to self-publish with 
Amazon’s CreateSpace [1] and Kindle 
Direct Publishing (KDP) [2], however, 
the editing work is up to you. In prac- 
tice, the free office packages LibreOf- 
fice [3] and OpenOffice [4] are avail- 
able as extremely powerful tools for 
this purpose. 

The publishable files - not to be 
confused with the raw manuscript - 
make up the published book, now 
completely formatted in an acceptable 
way. In the case of CreateSpace, these 
are PDF files, whereas KDP works pri- 
marily in the HTML format. Again, Li- 
breOffice and OpenOffice are espe- 
cially well-suited here, because they 
can export manuscripts to PDF or 
HTML. (See the “Error Correction” box 
for more information.) 

Additionally, exotic contents, such 
as tables, images, and formulas, are 
not lost in the process. The office 
packages export these with cross-refer- 
ences so that CreateSpace and KDP 
can correctly process them. But, more 
on that later. 


Make sure that your office suite is in- 
stalled with all its components. Many 
of the leaner Linux distributions dis- 
pense with a large office package or 
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such as formula editors. You can get 
these through the package manager 
later on. Creating a manuscript begins 
with a fresh ODT document in Writer 
for which you define the page style 
(Format | Page | Page) in your desired 
format. With the proper format, the 
final printed book will look it does on 
the computer monitor. 

When choosing a page format, it’s 
important to follow the guidelines of 
CreateSpace or another self-publishing 
platform. In Figure 1, you can view 
the page format the author selected for 
his books. Equally important is the 
choice of fonts and font sizes for dif- 
ferent parts of the text. Here’s where 
your personal preference prevails. Be- 
ginners are best off keeping with Writ- 
er’s default format settings. 

Be careful when formatting with For- 
mat | Styles and Formatting that you 
don’t use too many fonts (Figure 2). A 
rule of thumb is to have a maximum 
of two different fonts, or the reader’s 
eye may find the text too chaotic. 


Error CORRECTION 


The two major office packages handle 
error correction extremely well. The 
highlighted ones are best addressed 
immediately. At the beginning, the 
spell checker is likely to pick up many 
terms as misspelled that are actually 
quite correct. Add these terms to the 
dictionary early on to save yourself ef- 
fort over the long term. 
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Figure 1: Setting the page format is the first step in creating a successful manuscript. 


To change the format settings or cre- 
ate a new style, right-click the entry to 
change and choose Modify.... To create 
a new paragraph style, right-click the 
desired style and choose New.... 

Figure 3 shows the choice of fonts 
for the Heading 1, used for chapter ti- 
tles. A chapter section title would then 
be Heading 2 and a subsection title 
would be Heading 3. Be sure that the 
heading styles follow the format hier- 
archy, so that a Heading 2 doesn’t 
have a larger font size than a Heading 
1, for example. 

Paragraph text should be in Default 
format, which should be activated au- 
tomatically when pressing Enter after 
a heading style. You can ensure this by 
setting the Next Style on the Organizer 
tab to Default (Figure 4). Keeping the 
paragraph format clean lets you fix 
any poorly chosen styles without hav- 
ing to reformat the entire document. 


IMPORTANT RULES 

Following the basic format settings, a 

few conditions should apply: 

e Make no more manual changes to 
the formats. 

e Use only the defined styles in the 
book. 

e If the result is not how you imagined 
it, adjust the corresponding styles as 
appropriate. 

References to page numbers, figures, 

tables, numbered equations, or other 

manuscript elements should always be 
done through the automatically updat- 
ing cross-references you create with 
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Figure 2: With help from F11, LibreOffice and 
OpenOffice show the current format templates 
for your document. 


Insert | Cross-reference. The resulting 
dialog (Figure 5) lets you choose the 
type, its corresponding selection ele- 
ment, and the data type of the cross- 
referencing text (page, number, or ref- 
erence text). 

Never add page or figure numbers 
manually or as cross-references in the 
body text. All too often, changes in the 
manuscript totally reorganize the doc- 
ument. Use the cross-reference method 
at all times, which automatically ad- 
justs the references for you. 


CUSTOMIZING IMAGES 

To avoid copyright problems, add only 
your own graphics and photos. In gen- 
eral, other people’s works are accept- 
able only when they’re under Creative 
Commons licensing [5]. Be careful to 
abide by the conditions in naming the 
source and its reproduction rights 
under the same license (or that pro- 
hibit commercial use entirely). 

If you want to create your own im- 
ages or add content to existing ones, 
Libre/OpenOffice Draw provides a 
powerful option. For a smooth work- 
flow, add an empty image frame with 
Draw in the Writer document that you 
can later populate while writing the 
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Figure 3: After choosing a format template, determine the font type, style, 


Figure 4: In defining a heading paragraph style, you can set what the 
style that follows it should be. 
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Figure 5: Cross-references are automatically updated with changes. 


document. The format of the file in- 
serted in the Draw document doesn’t 
matter, because the image will become 
embedded as an Office document in 
the manuscript later on. (See the Man- 
ual Page Breaks box for more.) 

Using a separate Draw file for each 
manuscript has the advantage that all 
the illustrations for the book are in 
one place. You may also want to use 
parts of images in another book, 
which is easy to do in Draw. You'll 
also need additional graphic elements 
in the images such as text, arrows, and 
frames. Simply import the desired 
image in a Draw page and add the re- 
quired elements. Figure 6 shows a 
Draw file with many images that later 
become figures in the document. 

If the figure exists, choose all the el- 
ements on the sheet and copy it using 
Edit | Copy or Ctrl+C to the clipboard. 
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manuscript file 
opened in Writer 
and add the figure to the desired loca- 
tion using Edit | Paste or the usual 
Ctrl+V keyboard combination. 

If you choose Insert content... from 
the menu instead, Office lets you 
choose the data type. Content in the 
standard Draw 8 format can be edited 
directly in Writer. With Drawing for- 
mat, Writer allows adding text labels 
only in layers. The vector information 
is maintained in a GDI Metafile so that 
the image scaling is lossless - which 
doesn’t work with bitmap images - 
thereby avoiding problems with dis- 
torted content. 

After inserting image content, you 
must still anchor the image and flow 
text around it. Right-click the image 
and select Anchor | To Paragraph. 
Then, Wrap | No Wrap ensures that 
the text does not wrap around the 
image, which is suitable only for 


Figure 6: For meaningful illustrations, add arrows and text to images 


smaller image formats. Next, choose 
Caption from the context menu and 
determine the image category (Figure 
7). Each category numbering initial- 
izes to 1. If a category is missing, sim- 
ply add its name. Then, enter the cap- 
tion text in the upper field. The lower 
field indicates what the caption will 
look like. 

Don’t concern yourself with the 
image number; the captioning func- 
tion adjusts it once you click OK to in- 
sert the caption. The image now has a 
frame around it with the caption. To 
add a cross-reference to the image in 
the text, the image number, page num- 
ber, or caption can be used as selec- 
tion elements. 


INSERTING TABLES 

You can embed tables in text as you 
would images. With Insert | Table or 
Ctrl+F12, you open the required dia- 
log, where you enter the size and gen- 
eral information such as its name or a 
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takes care of the rest. 


heading. You then set the anchoring 
and wrapping, again with Anchor | To 
Paragraph. Again, Wrap | No Wrap the 
preferred solution. 

Format the table heading as Table 
Heading and the table content as Table 
Contents. Here the same rules apply: 
Maintain the paragraph styles as 
cleanly as possible, and you'll never 
need to change text passages after text 
passages when format or layout 
changes occur. As with images, you fi- 
nally add a caption with its applicable 
numbering, being sure to select Table 
as the category. 


SAVING 

If you’ve been following this article 
closely, you now have two files, a 
manuscript file in Writer and a 
graphics file in Draw. Always save 
these files in ODF format. Writing a 
book can be an ordeal, so you'll be 
opening and closing these two files 
frequently, which can only occur in 
the native format. 

The motto “save early, save often” is 
particularly applicable here. Few 
things cause more frustration than los- 
ing work because of a simple mistake. 
A total data loss is not something you 
would expect from Libre/OpenOffice, 
but don’t rely on the autosave func- 
tion, which is basically every 15 min- 
utes - a thought flash can be lost in 
much less time. 


REFERENCES 
Every non-fiction book needs a good 
list of references, which is best placed 
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Figure 8: Create references using the numbering function in a separate 


chapter. 
in a separate chap- 
ter at the end of the book. Each refer- 
ence is numbered in square brackets. 
You use the same numbering in the 
body text, which you can easily auto- 
mate. This involves inserting all refer- 
ences as a bulleted list in the index. 
You can set the bullet style using Bul- 
lets and Numbering on the Options tab, 
where you specify setting a left square 
bracket before the number and a right 
square bracket after it (Figure 8). 

Inserting references in text uses 
cross-references as usual. Select the 
Numbered Paragraphs type and the 
corresponding selection element. For 
the insert reference, specify Number, 
which inserts the number along with 
the square brackets in text. However, 
this method provides no real advan- 
tage over manual reference insertion, 
in that Writer doesn’t update the 
cross-reference with changes. 

Reorganizing or subsequently insert- 
ing references is discouraged. In prac- 
tice, it’s better simply to append the 
added reference to the end of the list. 
In this way the existing linkage is 
maintained, and only a new reference 
needs to be added. 

In this first section, I covered pre- 
paring the manuscript using LibreOf- 
fice or OpenOffice. This resulted in 
two files: a manuscript file created 
with Writer in ODT format and an 
ODG image file created in Draw. Suc- 
cessfully saving these two files com- 
pletes this part of the process. Next, 
Pll explain how to prepare the manu- 
script file for publication as a printed 
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book with CreateSpace and as an e- 
book with KDP. 


EXPORT 

If you have followed the recommenda- 
tions so far, then the next steps will be 
straightforward. Both Office packages 
can handle the export to the formats 
you will need. CreateSpace requires 
PDF files, and Amazon's eBook plat- 
form requires HTML files. 

Because the Office solutions export 
things like tables, images, and formu- 
las with cross-reference information, 
you don’t need to worry about having 
CreateSpace and KDP possibly hang 
due to complex content. This aspect is 
addressed in more detail later. For 
now, it is important to learn about 
how to get your book to the online 
publishers. 


PRINTING WITH CREATESPACE 

You should thoroughly review your 
formatted manuscript before submis- 
sion. Are all of the graphics in the 


MANUAL PAGE BREAKS 


As with any decent word processor, 
Writer does a good job of handling 
page breaks automatically. Try to 
avoid forced page breaks that can lead 
to partial pages when adding or delet- 
ing text on a page and use them only 
in the final pass. An exception is chap- 
ter titles, which should always start on 
a new page. To do this, use Insert I 
Manual break | Page break. 
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over Amazon and other online book dealers. 


right place? Are there any spelling mis- 
takes? Has the table of contents been 
brought up to date? If everything is 
okay, then you can export the book via 
File | Export as PDF into PDF format. 
You should also check the PDF file for 
mistakes. Anything you overlook will 
end up in the printed version of the 
book. 

You will need a CreateSpace [6] ac- 
count to start your book printing proj- 
ect. Registration requirements include 
filling in the usual name, email ad- 
dress, and country of origin. Addition- 
ally, CreateSpace wants to know what 
type of media will be produced. For a 
book project, you should of course se- 
lect the Book option. After confirming 
the account, you will need to start a 
new project (Figure 9). For the format, 
you should select Paperback and as a 
beginner, it is a good idea to take ad- 
vantage of the Guided option. 

In the next step, CreateSpace asks 
for detailed information about the 
book. The entries for Title, Subtitle, 
and Primary Author should be clearly 
stated. You will need to provide the 
names of other persons who have con- 
tributed to the book under Add Con- 
tributors. The fields for book series 
should only be filled out if you want 
to compete with the likes of J.K. Rowl- 
ing and other series writers. The final 
points to address include entering the 
language for your book and the publi- 
cation date. 

Because you are publishing a book 
in print, you will need to have an in- 
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Figure 9: CreateSpace lets you print a book and immediately release it 


Figure 10: CreateSpace offers a variety of types of paper and printing 


methods for printing a book. 


ternational standard book number 
(ISBN). CreateSpace takes care of this 
detail for free. Otherwise, you can 
apply for an ISBN through the agency 
itself [7]. Note that an application will 
cost about $125. 

Next, you need to consider prefer- 
ences for form and layout (Figure 10). 
CreateSpace lets you choose between 
color and black and white print on 
various types of paper and in a variety 
of formats. Once you have made your 
selections, the final step is to load the 
PDF document to the CreateSpace site. 

Next, CreateSpace will want to find 
out what kind of binding should be 
provided. Based on my experience 
with this provider, I recommend not 
changing anything here. The standard 
settings always deliver a good result. 
At the same time, CreateSpace will run 
a check on the PDF file you have up- 
loaded and share the results in a con- 
trol window. 

When there are errors, go to Launch 
Interior Reviewer to find an analytics 
tool (Figure 11). This tool will help 
you determine whether the messages 
are pertinent by simulating the ap- 
pearance of the printed version of the 
book and marking potential issues 
with the text and suggesting possible 
solutions. 

Depending on the type of error that 
appears, you may need to correct the 
manuscript file and create and upload 
a new PDF. You should repeat the pro- 
cedures until no errors are reported by 
the reviewer, or until you don’t con- 


sider a particular error to be of any 
significance. 


DESIGNING THE Book Cover 

Once the analytics tool no longer re- 
turns any errors, you can give the 
book a title page. A CreateSpace assis- 
tant helps with this task, too. How- 
ever, you also have the possibility of 
uploading your own title. Naturally, it 
has to first be put into PDF format. 
For now, you can rely on the Cover 
Creator. 

The assistant guides you step by 
step, beginning with the type of book 
cover. Should the print be matte or 
glossy? You can choose the design you 
like best for the book cover from a se- 
ries of templates. The choice of design 
only determines the type of cover, and 
not any illustrations or text. You can 
gradually adapt the design to your per- 
sonal preferences by going through the 
options in a series of menus (see Fig- 
ure 12). 

With the book cover in place, Cre- 
ateSpace indicates the status of the 
book project in an overview. Tasks 
that have been completed are shown 
with a green checkmark. A red circle 
indicates where work still needs to be 
done. Using the Complete Setup com- 
mand shuts down the first phase of 
the book printing assistant and sends 
the book to the review process. 


SUBMISSION 
CreateSpace does not specifically ex- 
plain what happens once the user 
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manuscript in their own folders. 


clicks Submit Files for Review. For the 
most part, the service provider checks 
the book project over for compliance 
with technical requirements. 

The service usually sends an email 
within 24 hours to inform the user 
that the review is complete so the pro- 
cess of designating distribution chan- 
nels and pricing can begin. 

CreateSpace offers distribution 
channels that include Amazon.com, 
Amazon Europe, and the CreateSpace 
estore. At no extra cost, you can also 
choose to place your book in US li- 
braries and academic institutions. 
Likewise, it is possible to place the 
book in conventional book stores and 
online dealers with CreateSpace Di- 
rect. You will need a Book Industry 
Subject and Category (BISAC) code [8] 
for the latter. This is a code consisting 


Figure 13: You should let LibreOffice or OpenOffice save the export of the 


Figure 14: CreateSpace makes it possible to immediately export a com- 


pleted book project to Kindle Direct Publishing. 


of a number like COM051390 which 
refers to applicable subject headings, 
which for this example might include 
COMPUTERS | Programming | Open 
Source. 

Prices are set in US dollars, and 
CreateSpace sets the lowest price you 
are permitted to charge. It is possible 
to set a price for each market region. 
The assistant automatically computes 
how much you can earn from each 
book sold. 

The option of offering the book as 
an e-book on Kindle entails an en- 
tirely different process, which I will 
address later. 


QuaLıTY MATTERS 

Your book is now included as an entry 
in the Amazon catalog and in the 
other distribution channels you have 
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chosen even though you have not 
spent one single cent. Helpful assis- 
tance options are available through 
the service, but remember that the 
quality of the finished product de- 
pends almost entirely on the quality 
of work you put into the project. 
Next, I will address the specific 
characteristics of works including 
mathematical and chemical formulas 
and the successful conversion of sci- 
entific texts. Additionally, I will take a 
look at publishing works as e-books 
on Kindle Direct Publishing. This ap- 
proach to publishing includes several 
issues that require careful attention. 


Exporting MANUSCRIPTS 

To begin, you should check over your 
formatted manuscript one more time 
in LibreOffice or OpenOffice Writer. 
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how the book looks on various Kindle devices. 


This step could include looking for 
possible errors in spelling, formatting, 
page layout, and the table of contents. 

Next, you should save the manu- 
script in HTML format (Figure 13). 
Current versions of LibreOffice and 
OpenOffice will create just one large 
HTML file in which all of the illustra- 
tions are encoded in Base 64. 

Older versions of LibreOffice and 
OpenOffice are different in that they 
deliver numerous images along with 
the HTML file. It is a good idea to se- 
lect a subdirectory of the manuscript 
folder as the location for the HTML 
export. To prepare the data for trans- 
mission, you should compress the 
files to be exported into a ZIP file. 


Kinote DIRECT PUBLISHING 

You will first need access to Amazon’s 
eBook publishing platform. If you are 
an Amazon customer, you can simply 
log in with your Amazon account. 
Otherwise, KDP will ask for the usual 
type of contact information. Then, you 
can begin with your e-book project. 
Fortunately, you will find assistance 
along the way. 

The book printing assistant in Cre- 
ateSpace asked you at the conclusion 
of that process whether you wanted to 
publish the book with KDP. You 
should return to this point and trans- 
fer the book project to KDP. The ad- 
vantage of this method as opposed to 
starting out fresh with KDP is that you 
don’t need to do anything more about 
the book cover and the book data. 
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Figure 15: After the data import, Amazon provides a preview showing 


ease. 


You should ignore the option of gen- 
erating and sending a PDF file. In- 
stead, you should retroactively carry 
over the actual book content manually 
from the file that was exported in 
HTML format. 

Based on personal experience, I rec- 
ommend that users avoid a PDF trans- 
fer if their book includes formulas and 
tables. This is because transfers from 
CreateSpace to KDP can hang up. 


BACK TO THE PRINTED VERSION 
Therefore, you should first log in 
again to CreateSpace and re-open the 
book project you have published. You 
will find the Publish on Kindle entry 
waiting (Figure 14). 

This link leads to the website for 
the Kindle publishing service. As it 
turns out, the publication process for 
KDP is also an option in CreateSpace 
when the book project is in the proof- 
reading stage. At this point, you can 
simply select Take me to Kindle Direct 
Publishing now. 

Next, you will need to tell Cre- 
ateSpace how it should transfer the 
content of the book. The service pro- 
vides an explicit warning that the PDF 
file format is not optimal. Therefore, 
you should select the J will upload a 
separate interior file to KDP alterna- 
tive and then upload the HTML data 
which has been exported from Libre- 
Office. 

Before the actual publication pro- 
cess on KDP begins, you will need to 
establish the rights to your book and 


Figure 16: GChemPaint which is part of Gnome Chemistry Utils 
makes it possible to construct elaborate structural formulas with 


decide whether the book should be 
protected with digital rights manage- 
ment. Following this, CreateSpace 
transfers the book as a new e-book 
project to KDP, where it will instantly 
appear in your KDP account tagged 
with a CreateSpace icon. 

Now you can click on the new book 
title and start making the e-book come 
alive. Amazon should report that the 
cover was successfully transferred 
from CreateSpace and that the process 
of uploading the file containing the 
contents can begin. For this, select the 
Zip file created from the Office export 
and upload it. 

Amazon offers a preview once the 
upload is complete to show how the e- 
book looks on various versions of Kin- 
dle e-book readers (Figure 15). For the 
foreseeable future, Amazon will only 
be supporting Kindle devices. None- 
theless, it is possible to download and 
test the e-book file on other readers or 
in e-book software like Calibre. 

If you like the results of the pre- 
view, the next step is for Amazon to 
again make sure that you have the 
necessary publication rights. Then, as 
with CreateSpace, you will see the op- 
tion for setting up the royalties. Ama- 
zon then takes over, vets the book, 
and usually within 24 hours puts it on 
a virtual sales rack. 


TIPS AND TRICKS 

Combining the LibreOffice and OpenOf- 
fice programs Writer and Draw pro- 
vides many capabilities that can be put 
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to good use. In the course of publish- 

ing, you will need various formats, 

each of which have associated require- 
ments. For example, page numbers 
can’t be missing from the table of con- 
tents hsa printed book. E-book read- 
ers, however, will be looking for links 
to the book chapters. 

These types of issues can be dealt 
with by including page numbers in the 
table of contents for the manuscript 
file. When exporting the e-book files, 
there are then two possible ways to 
separately prepare the content. 

e Purists can save a second manu- 
script file in which the page num- 
bers are removed from the table of 
contents. Once this manuscript file 
gets exported to HTML, the page 
numbers will be missing but the 
links remain. 

Practical types can open the ex- 
ported HTML file in Writer. There, 
you can simply remove page num- 
bers at the end of every line of the 
table of contents by hand. This 
method is usually quicker unless 
you have written something along 
the lines of War and Peace. 

As authors of publications in the natu- 

ral sciences can attest, setting up 

mathematical and chemistry formulas 
for printing is not much fun. Math 
formulas and equations usually cause 
the least problems because they can 
be put together with the internal for- 
mula editor of the LibreOffice and 

OpenOffice packages. 

The editor simply embeds the for- 
mula as an image when exporting to 
PDF and HTML format, and it contin- 
ues to be possible to edit the formulas 
at any time. 


INFO 


[1] CreateSpace: https:/www.createspace.com/ 


Chemistry formulas cause many 
more difficulties when setting them 
up for printing. To create these, you 
will need to use special programs like 
GChemPaint [9] from the Gnome 
Chemistry Utils [10] or programs that 
let you draw the structures and then 
export them as images (Figure 16). 


LibreOffice and OpenOffice can han- 


dle the export of tables to PDF or 
HTML without any problems. How- 
ever, with embedded elements such as 
formulas, tables, or images, you will 
need to make sure that these objects 
are anchored to a paragraph and that 
text does not flow around the images. 

The export process offers the last 
chance for exercising vigilance to pre- 
vent unpleasant surprises down the 
road. 


sLU J > 

After following all the steps outlined 
in this article, your book should have 
found a place in the Amazon e-book 
catalog. Optimizing the table of con- 
tents and careful anchoring of images, 
formulas, and tables to the relevant 
book sections will provide maximum 
reading enjoyment on an e-book 
reader. You save time, and your read- 
ing audience will be happy. 

Remember that writing the manu- 
script will be the most time-consum- 
ing part of this project, and a well- 
structured manuscript file increases 
your chances of having a successful 
book. It takes approximately one day 
to convert a finished manuscript and 
publish it with CreateSpace and KPD. 
Typically, your work will have found 
its way onto the digital sales shelf less 
than 24 hours later. 


[2] Kindle Direct Publishing: https:/kdp.amazon.com 


[3] LibreOffice: https:/libreoffice.org 


[4] OpenOffice.org: http:/www.openoffice.org/ 
[5] Creative Commons: http:/creativecommons.org 


[6] CreateSpace account: https:/www.createspace.com/Signup.jsp 


[7] ISBN: http:/www.isbn.org/ 


[8] BISAC Subject Headings: https:/www.bisg.org/complete-bisac-subject-headin 


gs-2014-edition 


[9] GChemPaint: http:/www.nongnu.org/gchempaint 
[10] Gnome Chemistry Utils: http:/gchemutils.nongnu.org 
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DESKTOP _ Arpour 4 


We take a look at the new features that have been added to the digital audio workstation, Ardour 
4. Although not exactly eye catching at first glance, a closer examination shows the changes to be 


well thought out and extremely useful. 


New features in Ardour 4 


Music MAKER 


BY HARTMUT NOACK 


ust a month after we published a 

previous article [1] about the nu- 

merous small improvements that 

had been made to Ardour 3, de- 
veloper Paul Davis publicly announced 
a brand new version [2] [3]. So, in this 
article, I'll take a look at what’s new in 
Ardour 4. 

When you start up Ardour 4 for the 
first time, you will probably not immedi- 
ately notice that significant changes 
have been made. The layout and the 


control elements in the two versions are 
almost identical. The only visual differ- 
ences are found in the upper left under 
the mouse tools, but the tools them- 
selves work the same way as before. 

The fact that you are dealing with a 
new release first becomes apparent 
when you load a project from the previ- 
ous version. The new release converts 
the project and automatically makes a 
backup of the Ardour 3 project version. 
At this point, you can also begin to see 
the improved performance of Ardour 4. 
The program reacts noticeably faster 
and, according to the release notes, it re- 
quires up to 80 percent less working 
storage. Paul Davis and his team 
achieved these savings through radical 
code optimization of the interface rather 
than by reducing functionality. (See the 
“Download and Installation” box for 
more information.) 

Big improvements in the rendering of 
written text also stand out. Thanks to 
Cairo, Ardour 4 renders even very small 
text razor sharp. Taken together with the 
new SVG icons, this rendering capability 
creates a fresh new appearance for the 
interface. The changes become abun- 
dantly clear to the user who switches 
back to the older version after working 
just a few hours with the new version. 
The scruffy-looking icons and blurry 
rendering in version 3 aren’t as easy to 
tolerate anymore. 

Another significant improvement is 
hiding behind the very familiar button of 
Ardour plugin windows. The selection 
button for saved, default settings is lo- 
cated in the upper middle part of the 
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windows. Not only can you see the pre- 
sets generated by Ardour but also the 
presets that come with the plugin. You 
will also find default presets that were 
generated in a standalone version or in a 
different plugin host. 

These features make it possible for the 
first-time user to easily use presets, such 
as those found in Calf Monosynth, that 
are downloaded from the Internet (Fig- 
ure 1). The user simply has to copy the 
presets into the configuration directory 
of the plugin. 

The empty area under the tracks in the 
main window is another of the familiar 
elements that has acquired new func- 
tionality. It can now be used as a Drop- 
zone. Audio and MIDI files that are 
dropped from a file browser into this 
area automatically create a new track 
with a suitable configuration. A button 
under Project | Clean up copies these 
files to the project directory (Figure 2). 
In addition to MIDI and uncompressed 
WAV files, Ardour 4 also imports OGG 
Vorbis and Flac. In theory, MP3 can also 
be imported, but this format was not ac- 
tivated in the Ardour installation from 
Ardour.org that I tested. 

Thanks to GTK, there are key combi- 
nations that lead directly to menu op- 
tions. Aside from this quick but not very 
structured method, Ardour 4 provides 
the capability under Window | Keyboard 
shortcut, which is a nifty tool for setting 
several hundred keyboard actions. The 
list also contains actions that cannot be 
set with the direct GTK method. The 
price for this piece of progress is that on 
the first start, Ardour 4 reverses the key- 
board shortcut settings that have been 
created in a previous version. 


UNDER THE Hoop 
Some of the innovations are not readily 
apparent, because they work in the 
background on startup to drastically alle- 
viate longstanding problems. For exam- 
ple, when using Ardour 3, it was easy for 
troublesome plugins to interrupt a start. 
Scanning for plugins is an independent 
process in Ardour 4. If a defective mod- 
ule causes the scan to stall, Ardour 4 
will simply keep running and record the 
faulty plugin on a blacklist. Future scans 
will then skip over the offender and only 
read other plugins. 

If you would like to give the plugin 
culprit another chance once you have 
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and now also available in Ardour. 


Figure 1: The preset sounds delivered with the complex plugin Calf Monosynth are easy to use 


Figure 2: Ardour 4 automatically imports audio files dragged from a file manager like Dolphin into 
the drop zone in the tracks. 


DOWNLOAD AND INSTALLATION _ 


Ready-to-use Ardour 4 installation pack- 
ages for all current distributions are avail- 
able from Ardour.org in exchange for a 
contribution in the amount of your choice, 
with the minimum being $1. You can sign 
up for a regular contribution by registering 
on the site. The project recommends a 
monthly contribution of $4 but you will 
need to have a PayPal account with a regis- 
tered credit card. It is possible to purchase 
the package via PayPal for $45 even if you 
don't have a credit card. Just as with a sub- 
scription, you will get all of the updates for 
Ardour 4 and also the first release of the 
planned successor, Ardour 5. The packages 


updated, you can erase the blacklist in 
the main menu under Edit | Preferences | 
Plugins and start a new scan (Figure 3). 
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automatically installs to /optand no longer 
require the Jack audio server because Ar- 
dour 4 works directly with Alsa. 


Because Ardour continues to use open 
source software under a GPL licence, you 
can anonymously download the current 
source code from the Git server for the 
project for free. Additionally, Ardour 4 can 
be installed with a package manager. 
Ubuntu users will also need the KXStudio 
extension [4]. Fedora, openSUSE, etc. offer 
similar special repositories in which Ardour 
4 became available within a few days after 
the official release. 


You can also specify arbitrary paths for 
your plugin search in this same settings 
window. If you think the plugin manager 
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list is too long, you can simply create 
your own folder in the home directory 
for plugin selection. If you use Symlinks 
on plugins that are installed under /usr, 
you will receive all of the updates of the 
modules that you have selected. At the 
same time, this is a simple method for 
connecting plugin software on your own 
that you have built from source code or 
downloaded from websites. 

Once you notice during startup that 
the Jack audio server is not running, 
you will have discovered the largest in- 
novation in Ardour 4. The dialog that 
used to start Jack has been enlarged in 
Ardour 4 to permit selection of the de- 
sired audio system. 

Ardour 4 now cooperates in Linux di- 
rectly with Alsa. In Mac OS X and Win- 
dows, it is possible to also select their 
native sound systems. Jack works very 


Figure 3: Ardour 4 lets you control your plugin search. By activa 


well on Linux and offers some functions 
that Alsa does not deliver. However, on 
Mac OS X and Windows, Jack was more 
or less experimental and caused prob- 
lems that outweighed its advantages. 

Now that Ardour 4 supports the na- 
tive sound systems for each of these 
three platforms, these problems belong 
to the past. Ardour 4 is the first version 
of the application officially supported 
on Windows. Linux users also benefit a 
great deal from broader acceptance of 
Ardour. For one thing, you can now ex- 
change projects recorded in Ardour 
much more easily with your Windows 
colleagues. 

Another positive development is that 
these projects can also be identically ed- 
ited on all platforms, keeping in mind 
that there are some platform-specific pl- 
ugins. The independence of Jack does 


ting the scan progress display, you 


can also monitor plugins loaded at the beginning of a project. 


Figure 4: The plus symbol in the Transform tool lets you add rather cryptic conditions based on 
arithmetic along with the selected action. Most users probably prefer a simple crescendo. 
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not at all restrict the unique possibilities 
found in the concepts underlying Jack 
for signal relay in Ardour. Additionally, 
there are already strong indications that 
venturing into the world of Windows 
will result in greater financial support for 
the project. 


A New Device 
In addition to the new options for set- 
tings, Ardour 4 also offers new capabili- 
ties for actually working on the music. 
The loop mode for example can now be 
set up as a general transport mode. The 
space key will start the loop instead of 
the normal transport as long as the loop 
switch at the top left in the transport 
panel remains active. A button has been 
added to the transport panel to play back 
selections in active areas. 

In addition to the various improve- 
ments for editing MIDI music, Ardour 4 
has a brand new tool for manipulating 
single MIDI notes or groups of notes. Se- 
lecting the top left corner of notes with 
the new mouse tool editor that is to the 
far right in the tool bar, and then right- 
clicking on the selection will bring up a 
menu that includes the entry Transform 
(Figure 4). The Transform tool provides 
qualities for the selected notes such as 
increasing and lowering pitch or strike 
force. 


CONCLUSION 
A second look at Ardour 4 is all it takes 
to amply justify a switch from version 3. 
The new release has many new qualities 
and makes an altogether stable and ma- 
ture impression. Although an experi- 
mental plugin used in a MIDI track in 
my test caused a crash once, Ardour 4 
ran much faster and better than its pre- 
decessor. It is certainly on par with pro- 
prietary offerings like Bitwig Studio or 
Tracktion. e 


INFO 


[1] “Cool Gig” by Hartmut Noack, 
Ubuntu User, issue 24: http:// 
www.ubuntu-user.com/Magazine/ 
Archive/2015/24/New-in-Ardour-3 

[2] Ardour 4: https:/ardour.org 

[3] Release Notes for Ardour 4: 
https:/ardour.org/whatsnew.htm! 

[4] KXStudio: http:/kxstudio. 
sourceforge.net 
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USB sticks and external hard drives can easily be lost or stolen. You should therefore protect these 
storage media against loss and misuse. UsbCryptFormat lets you do this without much effort. 


Encrypting flash drives with UsbCryptFormat 


SAFE TRAVELS 


BY ERIK BARWALDT 


SB storage sticks, SD cards, and ex- 
ternal hard drives are essential tools 
in the daily life of almost every PC 
user. However, there are some draw- 
backs to these small storage media: They can 
disappear pretty easily, for example. If your de- 
vice gets into the wrong hands, unprotected 
data is typically visible to all who want to look 
at it. To protect data found on removable stor- 
age devices, all you need is a Linux PC and the 
encryption software UsbCryptFormat [1]. 


Basics 

UsbCryptFormat uses the LUKS method that 
runs on Linux to encrypt data. LUKS is designed 
so that it saves the information necessary for de- 
ctyption in the header of an encrypted partition. 
Up to eight keys and diverse metadata can be 
stored in the header. The advantage of this 
method is that it allows the user to open an en- 
ctypted storage device on a computer system 


even if the system does not run UsbCryptFormat. 


Oleksandr Marynchenko, 123RF 


In that case, the user just needs the cryptsetup 
package to call the software. Most of the current 
Linux distributions include this package as part 
of the standard installation. 


GETTING STARTED 
UsbCryptFormat is distributed under a GPL and 
comes as a DEB package for Debian, Ubuntu, 
and their derivatives that you can download 
from the project website. Because UsbCryptFor- 
mat consists entirely of Bash scripts, the source 
code is practically built into the system. Users 
running distributions that have RPM package 
management can also take advantage of Usb- 
CryptFormat. Here you should first install the 
program alien that is available in the software 
repositories of most of the distributions. 

The next step is to start the program in the 
terminal using the following command: 

alien -r -v --scripts 2 

usberyptformat_12.05.20_a11.deb 


The software converts the Debian package into 
RPM format so you can install it on your system. 

When installing UsbCryptFormat, the package 
creates the entry Encrypt external storage media 
in the menu structure on your desktop. Clicking 
the entry starts the program with the appropriate 
administrative rights. If the application does not 
appear, you should check the package adminis- 
tration to determine whether the zenity package 
manager is installed on your computer. Usb- 
CryptFormat uses this program to display its dia- 
logs in the graphical desktop environment. 

It's also a good idea to check the correspond- 
ing menu entry for the correct command syntax 
for invoking the software. In other distributions, 
you may need to replace the su-to-root com- 
mand, which only comes up in Ubuntu, with ei- 
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Danger: Data on this device will be deleted! 


Do you want to overwrite old data on the device with random data? 


Are you absoluteley sure that all data on this device 


This may take ki . 
can be deleted? s may take long time. 


However, if you don't do it: 
-parts of the data, that were on the device before the encryption could be 


restored by others very easily. 


6387- 14.5 GiB- /dev/sdb | 
-others can find out how much data is saved inside the encrypted partition. 


IF you selected the wrong device you will lose all data | inthis device was not encrypted before, choose [yes) here! 


| 
| on the usb-key or on the external harddisk! , | | 
| Really continue and reformat the selected device? | 


Overwrite old data? 


zaliti 


Yes 


Figure 1: The security message is conspicuous. 


ther kdesu, which is used on the KDE desktop, 
or the gksu command for Gnome work environ- 
ments. In both cases, you should remove the 
command parameters -X -c. UsbCryptFormat 
should start without any problems after this pre- 
paratory work. 


How THE System Works 

USB storage sticks and SD cards commonly 
come equipped with filesystems from the Mi- 
crosoft world. Depending on the size of the stor- 
age media, this will be FAT16, FAT32, exFAT, or 
NTFS. These filesystems offer the greatest possi- 
ble compatibility with various devices and op- 
erating systems. Thus, the first task for Usb- 
CryptFormat is to create a new partition where 
the encrypted filesystem will reside on each ex- 
ternal storage device that is to be encrypted. 

‘To start the encryption process, you should 
insert the storage device into the computer. 
When it appears in the system, you should start 
UsbCryptFormat with administrative rights. 
The software will open a window that lists all 
data storage devices that are connected and 
mounted on the computer system. From this 
list, select the device that you want to encrypt 
and click OK. UsbCryptFormat will then issue 
an explicit warning advising the user that all 
data saved on the medium will be lost during 
formatting (Figure 1). 

If, for some reason, you selected the wrong 
device, you can end the program with a click on 
No. Otherwise, you should continue with yes 
and UsbCryptFormat will create a new partition 
on the data medium. The next dialog is for en- 
tering the password you want to use with the 
encrypted data medium. You should then enter 
the password for a second time in the subse- 
quent security dialog. 

Inthe next window, UsbCryptFormat will 
ask whether you want to completely overwrite 
the removable data medium with randomly 
generated data. You should definitely answer 
yes to this question because old data can be re- 
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constructed through 
manual partitioning of 
the storage device. | 
(Figure 2). 

Reformatting with- 
out overwriting the old 
data beforehand will 
change only the parti- | 
tion table and not 
touch the existing 
data. Remember that it 
may take considerable 
time to overwriteold | 
data depending onthe | 
size of the data me- | 
dium. However, it just 
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Figure 2: The program overwrites before reformatting the data medium. 
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takes a few minutes to 
overwrite the data and 
set up the new filesystem on the customary 16 
or 32GB USB sticks and SD cards. 

UsbCryptFormat has an animated status bar 
that shows the progress of this process. A clos- 
ing dialog indicates that you will be asked for 
the encryption password the next time you con- 
nect the storage medium to your system. Then, 
with a click on OK, UsbCryptFormat ends. 


UNCOMPLICATED 
In practice, integrating the encrypted data device 
works reliably. Simply plug in the USB stick or 
the external hard drive and then correctly answer 
the password request. It is well known that stor- 
age media cannot simply be pulled out of the 
system. Instead, you should use the correspond- 
ing functions on your desktop environment or 
enter the umount command from the command 
line. Formatting tools like cfdisk or the Ubuntu 
disk manager show that the partitions installed 
on the storage medium are encrypted (Figure 3). 
If you are thinking about reformatting and 
encrypting a data storage device that has al- 
ready been encrypted with UsbCryptFormat, 
you will first need to partition the device with 
partitioning software. This is done by erasing 
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Figure 3: Partitioning software displays the encrypted device correctly. 


the existing partition table using cfdisk or 
fdisk and then setting up a new partition that 
covers all of the storage space of the device. 
You won't have to necessarily format it imme- 
diately. Instead, you can once again install an 
encrypted filesystem using UsbCryptFormat. 


CONCLUSION 

You can forget having to use cumbersome 
commands and complex parameters when 
encrypting and decrypting an external storage 
device. UsbCryptFormat makes it easy and 
uncomplicated to create encrypted storage de- 
vices of any kind and capacity. Modern Linux 
distros let you view the connection to the sys- 
tem as soon as you type in the password. 
Road warriors who keep lots of data on USB 
sticks, SD cards, or external SSDs and hard 
drives should have UsbCryptFormat as stan- 
dard equipment. e 


INFO 


[1] UsbCryptFormat: http://www. 
mandalka.name/usbcryptformat/ 
index.html.en 
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Opera changed course with version 15, giving up its status as independent software and dropping 
many of its features. Vivaldi seeks to offer a new home to fans of the old Opera. 


Testing the Vivaldi web browser 


OPERA RELOADED 


BY FERDINAND THOMMES, THOMAS LIECHTENSTERN 


any users still mourn the 
original Opera browser 
[1] with its distinctive 
qualities. By 1996, the 
browser had captured a two percent 
market share, which it kept until the 
end of 2012. The percentage points 
in market share actually stood at six 
to eight percent for websites attract- 


ing technology aficionados. The 
usage statistics were the same for 
the Linux version although neither 
Opera, nor Vivaldi [2], are open 
software. 

Opera maintained its own HTML 
rendering engine in the form of 
Presto; it also had an integrated mail 
client and was generally convincing 
with its original ideas. 

Thus, some people still use the 
last complete version 12.16, even 
though current security concerns 
now make this highly impractical. 
Additionally, there has been no sta- 
ble version for Linux up to Opera 26 
since it reappeared. 

Two projects have capitalized on 
these circumstances. Otter Browser 
[3] appeared in the middle of 2014, 
competing to become the heir of 
Opera 12. However, this was an un- 
derstaffed open source project, and 
it’s still not a good idea to use this 
browser. 

The second project is called Viv- 
aldi and, at the beginning of 2015, it 
looked to be the resurrection of the 
old Opera. Vivaldi was started by 
Jon S. von Tetzchner, the co-founder 
and former CEO of the old Opera 
browser. 

Tetzchner’s current involvement 
with the Vivaldi project has caused 
many friends of the old Opera to 
take note, and the first versions have 
raised the hopes that the old Opera 
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Figure 1: Unique but not impractical. The Adaptive Interface function 
colors the address bar in the predominant color of the CSS of the dis- 


played web page. 
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Figure 2: Vivaldi has a grouping function that can group numerous open 
tabs together and make administration easier. 
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are grouped together in the browser window. 


features are returning under a differ- 
ent name. 


SoLiD FUNDAMENTALS 

Vivaldi generally serves more dis- 
cerning users whose computer time 
is spent mainly on a web browser for 
either professional or personal rea- 
sons. The project supports the de- 
manding preferences of such users 
with optional keyboard controls, and 
the configuration can be closely 
adapted to their workflow. More- 
over, Vivaldi includes its users in the 
project by offering them a wish list 
of functions [4]. 

The project currently offers its 
software for Linux, Mac OS X, and 
Windows. The development has 
been fairly rapid up until now even 
though the team - put together and 
paid out of pocket by Tetzchner - is 
rather small. As a result, not all of 


Figure 3: When requested, ivaldi uniformly distributes web pages that 


the planned functionality has found 
its way into the browser. Specifi- 
cally, the mail client and cross-de- 
vice synchronization are among 
those features yet to be imple- 
mented. 

This article describes the third 
“Technical Preview” of Vivaldi, 
which appeared at the end of April. 
The preview can be downloaded 
from the Vivaldi project website [5] 
where 32-bit and 64-bit versions for 
Linux DEB and RPM packages are 
available. 


FIRST START 

Vivaldi uses the Google open source 
rendering engine Blink. For legal rea- 
sons, it was not possible to use 
Presto, the earlier, proprietary engine 
of Opera. A large part of the settings 
dialog also comes from Chrome - for 
example, the two plugins Chrome 
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Figure 4: Like Opera, Vivaldi displays pre-assigned websites on its 
“speed dial” start page. You can change the selection of sites to suit 
your preference. 


PDF Reader and Pepper Flash. When 
the browser starts up, it appears 
with a unique and colorful address 
bar (Figure 1). 

The software also lets you manu- 
ally add more tabs to the stack. 
When you right-click on the stack 
and select Tile tab group from the 
context menu, the pages will be uni- 
formly distributed in the browser 
window (Figure 3). You can deter- 
mine the format for this with the 
Tile representation icon found in the 
middle of the status bar. 


OPERA Is A FORERUNNER 

When you open a new tab by either 
clicking on the plus sign at the right 
end of the tab bar or by typing 
Ctrl+T, a “speed dial” containing 
nine windows appears. Eight of 
these are already assigned to popu- 
lar sites like Facebook, Twitter, and 
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Figure 5: Vivaldi's note-taking function on this panel lets you keep 


reminders and selected URLs and files. 


the Vivaldi homepage (Figure 4). 
These pre-assigned pages can be de- 
leted as desired. 

The status bar on the lower edge 
of the display screen has other inter- 
esting functions. You can prevent the 
loading of images or only show im- 
ages that have already been saved. 

Next to the status bar is a Website 
actions button, which takes you to 
actions that are generally useful for 
the web page you currently display. 
For example, you can look at a page 
in black and white, shades of gray, 
sepia, inverted, or blurred. Some of 
the entries such as 3D mode do not 
yet work. 

A slider to the far right of the sta- 
tus bar lets you smoothly increase 
the size of the page contents by up 
to 500 percent, including images 
which are specially smoothed. Viv- 
aldi offers Google as the default 
search engine. You can change the 
default in the search engine field to 
the top right. 

In addition to DuckDuckGo and 
Startpage, you will also find search- 
ing on Wikipedia, Amazon, and 
eBay, and Wolfram Alpha, a scien- 
tific semantic search engine. How- 
ever, the browser still doesn’t let 
you select a search engine for high- 
lighted text via search using in the 
context menu. 


KEYBOARD SHORTCUTS 

Keyboard users know how to appre- 
ciate the many predefined keyboard 
shortcuts that can be created in set- 
tings under Navigation | mouse and 
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dow shows the list of open tabs and the available keyboard shortcuts. 


keyboard. To make the keyboard 
shortcuts and the list of open tabs 
appear, you can simply press F2 
(Figure 6). 

The integrated task manager bor- 
rowed from Chrome (Shift+Esc) is a 
practical and helpful tool when 
working with many open tabs. One 
right-click on the entry lets you per- 
form a fine-grained search for possi- 
ble memory leaks. The same devel- 
oper tools as in Chrome are avail- 
able here. 


CoNcLUSION 

The Vivaldi project arrived on the 
public stage with the goal of becom- 
ing a “better Opera.” The new 
browser still has some shortcomings 
that developers need to work on, but 
the project is heading in the right di- 
rection. The relatively sluggish 
browser startup needs fine tuning. 

Once the browser is running 
though, Vivaldi opens web pages in a 
flash. Aside from the short supply of 
extensions and the slow startup 
speeds, Vivaldi is not lagging far be- 
hind Chrome. Additionally, it offers 
some useful functions that Chrome 
does not have. 

The browser does lack an email 
client and this is a significant short- 
coming. However, there is already a 
suitable reference to an email client 
in the side panel. 

Because Opera’s turbo mode 
(which would deliver web pages in 
compressed format) requires a dis- 
tributed server infrastructure, users 
will probably be waiting for some 


time yet for the appearance of this 
feature. On the other hand, the de- 
velopers are already implementing 
user demands for HiDPI support for 
retina displays and 4K monitors. 

Vivaldi has already been localized 
into 40 languages [7]. An advantage 
that should not be overlooked is the 
active community that exchanges in- 
formation in the forum [8] and in 
IRC channels. 

As a result, more than 100 people 
from more than 30 countries partici- 
pated in the localization effort. This 
is remarkable for such a young proj- 
ect and speaks to the hope that the 
Opera fan base and new users will 
be happy with the outcome. e 


INFO 


[1] Opera: http:/www.opera.com 

[2] Vivaldi: https:/vivaldi.com 

[3] Otter Browser: http:// 
otter-browser.org 

[4] Vivaldi user survey: http:// 
vivaldi.net/surveys/index. php/ 
survey/index 

[5] Downloading Vivaldi: https:// 
vivaldi.com/download/ 

[6] Markdown: hitp:/de. wikipedia. 
org/wiki/Markdown 

[7] Vivaldi localizations: https:// 
vivaldi.net/en-US/blogs/ 
teamblog/item/ 
23-localisation-news 

[8] Vivaldi forum: https:/vivaldi.net/ 
de/forums 
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Xrce412_ DESKTOP 


Xfce 4.12 has been under development for almost three years and is now ready to take 
over for Xfce 4.10. This article looks at improvements found in version 4.12 and what 


the long release cycles mean for the user. 


Xfce 4.12 after almost three years 


THE LONG ROAD 


BY MARTIN LOSCHWITZ 


f hen I first came into con- 
f tact with Xfce [1] in 2001, it 
was still in version 3 and 

J based on GTK1. Olivier 
Fourdan began the project as an exten- 
sion of the very sparse FVWM desktop 
and based it on XForms. In fact, the ac- 
ronym Xfce still stands for XForms Com- 
mon Environment. In the meantime, 
even if the acronym has lost its original 
meaning, it continues to be the name for 
the desktop. 


Almost everything about Xfce but its 
name is different from how it was back 
then. Olivier Fourdan is still associated 
with the project but the one-man show 
operation of Xfce is over. In place of the 
original panel, Xfce has become a ma- 
ture desktop environment. 

The panel is still one of the units, but 
Xfce also has a Window manager by the 
name of Xfwm, a file manager by the 
name of Thunar, and a playback pro- 
gram for media files. It even has a web 
browser in the form of Midori, which 
uses WebKitGTK +. The biggest strengths 
and the unique characteristics have al- 
ways been found in the area of resource 
consumption. Although modern envi- 
ronments like KDE and Gnome gladly 
take up several gigabytes of working 
storage to work properly, Xfce is made to 
be frugal. 

Many target groups welcome this fru- 
gality. Xfce has become something akin 
to the first choice for systems that are 
older and no longer equipped with the 
most up-to-date hardware. Even users 
with fast computers appreciate the quali- 
ties of Xfce. Because complex graphics 
effects are missing, the work interface is 
straightforward and fast (Figure 1). 


DARLING OF THE CREATOR 

Providers of diverse Linux distributions 
have discovered the advantages of Xfce 
and therefore offer the program as a part 
of their packages. For Ubuntu users, 
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Figure 1: Xfce continues to be a simple, straightforward desktop. However, the developers have 
built a lot of convenience into version 4.12. 
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Figure 2: In the standard theme, windows in focus have a different decoration from windows with- 
out focus. 


Window Manager 


Window Manager 
Configure window behavior and shortcuts 


Default 

Daloa 

Default-hdpi 

Greybird f 
Greybird-compact 

Kokodi 

Moheli 


Sans Bold 9 


Title alignment 
Center 


Button layout 
Click and drag the buttons to change the layout 
Active 


GL ei) 


Hidden 


B 


Figure 3: The “Default-xhdpi” mode makes it possible to run Xfce on display screens with 
extremely high resolution. 
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there is even Xubuntu, which relies 
solely on Xfce as the environment for 
desktops. Not much maintenance has 
been done on the corresponding pack- 
ages in the past three years. 

Xfce 4.10, released in April 2012, put- 
tered along without any updates worth 
mentioning, which gave rise to concerns 
on Xfce mailing lists that the project had 
come to a halt. At the end of February, 
however, an answer came in the form of 
Xfce 4.12. Naturally, this release is some- 
what larger because a lot has happened 
in three years. By the time this article 
went to press, Ubuntu packages for Xfce 
4.12 were standing ready for Ubuntu 
14.04 and 14.10 and offered a preview of 
the desktop. Here are the first observa- 
tions of this apparent resurrection. 


THE Winnow MANAGER XFWM 
Olivier Fourdan was convinced that the 
creation of a full-fledged windows man- 
ager was essential to the transformation 
of Xfce from a simple FVWM extension 
to a complete desktop. Back then, KDE 
was an exception because it was a com- 
prehensive desktop environment, and 
the typical combination was made from 
panels like Gnome and other window 
managers. Xfwm was perfectly inte- 
grated in the emerging desktop environ- 
ment from the beginning. 

The developers focused on two char- 
acteristics of Xfwm for Xfce 4.12. The di- 
alog that appears when Alt+Tab are 
pressed together got an overhaul. The 
task switcher on Xfce had previously 
consisted of just a bar with symbols to 
show which programs were running - 
along the lines of OS X. In the Xfwm of 
Xfce 4.12, users have the choice of three 
types of look and feel. 

Mode 1 mirrors the old optics and be- 
havior, but the visual display can be im- 
proved all around with Xfce Theme. 

Mode 2 has a list of window titles on 
the display screen instead of symbols, 
which is especially useful when several 
windows differing only in their title are 
open at one time, as might be the case 
with terminal emulators. 

Mode 3 is quite elegant. In this mode, 
Xfwm displays a program window of re- 
duced size inside a frame together with 
the respective program icon. Depending 
on the size of the font, it may even be 
possible to read text found in the win- 
dows. However, the prerequisite for this 
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mode is the compositor mode, which is 
significantly more hardware intensive 
than the other modes. 


BETTER TILING 

In the context of a desktop, the word til- 
ing refers to the division of windows in a 
pattern similar to floor tiling. The devel- 
opers for Xfce 4.12 have improved the til- 
ing for Xfwm significantly for situations 
when client-side decorations (CSDs) are 
utilized. The term CSD is specific to 
GTK3, and it refers to the capability of a 
program to decide on characteristics like 
the frame of a window by itself. 

When CSDs are used, the programs 
are responsible for the window frames 
and the arrangement of buttons for clos- 
ing and minimizing. Back when Xfce 
4.10 was current, the topic of CSDs was 
not yet particularly relevant. Meantime, 
CSDs have become an important consid- 
eration for GTK3 applications. Xfwm 
4.12 has now completely mastered tiling 
and the automatic arrangement of win- 
dows using CSDs. 

The expanded CSD support led to 
funny situations in our test. For example, 
windows in focus have a different win- 
dow decoration from those not in focus 
(Figure 2). At first, this is more irritating 
than useful, but it’s easy to get used to. 
Likewise, automatic docking of windows 
on the edge of the display screen has un- 
dergone improvement for windows with 
CSDs and those without. Combining the 
Alt key with the mouse wheel lets you 
zoom in on individual windows. 


Larce DisPLays, HIGH RESOLUTION 
Finally, the developers have also worked 
on the topic of high resolution. This has 
been continually pertinent for desktop 
environments and is like a relic of the 
past. This is because developers and 
manufacturers created desktop environ- 
ments for lower resolutions during the 
years which saw 15-inch display screens 
and the first LCD displays. This adapta- 
tion persists today, particularly because 
combinations like 23-inch display 
screens and full HD resolution are still 
desired by most users. 

Those wanting to use higher resolu- 
tion or smaller displays with the same 
resolution soon have a set of problems 
on their hands. Symbols and fonts are 
barely visible on a 23-inch display 
screen with 4K resolution. 
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Figure 4: The control elements in Parole disappear automatically after a timeout even when not in 
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any problem. 


And now, perhaps the biggest modifi- 
cation of Xfwm 4: The Windows Man- 
ager comes with two operating modes 
that have been specially created for the 
HiDiPi mode (Figure 3). These so-called 
themes have, for example, larger stan- 
dard values for the size of the font used 
by the system. The user therefore gets 
the high depth of focus of LED displays 
with high resolution while retaining the 
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Figure 5: The configuration dialog for monitors can now master several display screens without 


ability to read all of the text and recog- 
nize all of the symbols. Xfwm is even 
further along in this regard than Mac OS 
X, because there is still no usable HiDiPi 
mode on OS X. The modifications made 
to Xfwm have all been successful. 


Not Muck New AT THE PANEL 


The Xfce panel is the nucleus of Xfce on 
one hand; but, on the other, it is a rela- 
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tively mundane component. Xfce 4.12 
has barely two improvements for the 
panel. 

The panel now notices when it is ob- 
scured by a window that the system ad- 
ministrator drags and drops onto the 
desktop. The panel responds by disap- 
pearing until its original position is once 
again available. 

The “intelligent disappear” feature of- 
fers a good compromise for users who 
may not want their panel to always auto- 
matically disappear but who find them- 
selves colliding with the bar when mov- 
ing windows. 

Moreover, the panel can load GTK3 pl- 
ugins in Xfce, which can then retrofit di- 
verse functions based on GTK. The GTK 
toolkit has had its own plugin interface 
for a very long time. For example, many 
of the system tray icons are implemented 
in the form of GTK3 plugins. Xfce 4.10 
was only able to deal with panels for 


GTK2. The successor has mastered the 
plugins from the new library. 

Traditionally, Xfce has enjoyed lots of 
advantages because of its capability for 
loading Gnome plugins. This option also 
remains open for Xfce even though in 
testing, I observed occasional problems 
with theme consistency. For example, 
the tray icon with the GTK3 plugins fre- 
quently had a different background color 
from the rest of the Xfce panel. However, 
it was easy to get this problem resolved 
with the proper configuration in the Xfce 
control center. 


MEDIA PLAYER MAKEOVER 

The Parole media player has been exten- 
sively cleaned up by the developers. In 
the release notes for Xfce 4.12, the com- 
plete GUI for the version that is still 
found in Xfce 4.10 is referenced as a “Re- 
write.” In fact, Parole offers many new 
functions. Some of these are found 
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Figure 7: Thunar has been improved all around. In particular, the bookmark bar on the left is new. 
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under the hood, whereas others are 
more readily apparent. 

This media player has not always had 
an easy time of it. Many users were no- 
ticeably irritated when Parole first ap- 
peared as a component part of the Xfce 
4 Goodies package. Given the existence 
of a large number of media players 
based on the GStreamer framework, 
many users asked themselves whether 
another player like Parole was really 
necessary. These doubts have now been 
refuted. 

The reason that multimedia frame- 
works like GStreamer exist is to make it 
possible for front ends to use common 
functionality. Parole is clearly adapted 
to Xfce and delivers a complete user ex- 
perience. This is no different in Xfce 
4.12. The entire rewrite of the interface 
for Parole means that Parole 0.8 fits 
seamlessly into the lightly reworked ap- 
pearance of Xfce 4.12 that is essentially 
based on GTK3. Even so, inexperienced 
users can easily operate the media 
player. 

One obvious change is that the but- 
tons for controlling replay dynamically 
insert themselves into the player when 
the mouse cursor is on top of the win- 
dow. If the mouse cursor does not move 
for a few seconds, then the buttons dis- 
appear again (Figure 4). The buttons 
were always present in the window in 
the predecessor version when Parole 
was not running in full-screen mode. 


Mutt! DISPLAY SUPPORT 

Xfdesktop has a special role to play in 
the Xfce universe (i.e., that of the desk- 
top administrator). Based on Xfwm, it 
displays arbitrarily many desktops and 
administers the windows that are found 
on the desktop. It also ensures that win- 
dows move from one desktop to another 
as the user wishes. This makes Xfdesk- 
top a central hub in Xfce. 

To date, however, users wanting differ- 
ent wallpapers on different display 
screens with multi-display setup have 
encountered difficulties. This was not at 
all achievable using Xfdesktop, but the 
version in Xfce 4.12 remedies this short- 
coming. 

Users can specify the wallpaper for the 
display screen by dragging the window 
for the desktop configuration to the in- 
tended display screen. This step needs to 
be repeated several times on various 
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screens; in this way, the desired effect is 
achieved. 


CONFIGURATION DIALOG 

The configuration dialog of the desktop 
is an independent program, which goes 
by the name of xfce4 settings. This tool 
has also undergone several improve- 
ments as part of the release cycle for 
Xfce 4.12. Once again, these improve- 
ments apply primarily to systems with 
several display screens (Figure 5). Using 
a “show me” dialog, it is now reason- 
ably possible to specify different resolu- 
tions for different monitors and see their 
effects. The monitors can also define 
their position relative to one another. 

Although hard to believe, it is true that 
Thunar could not handle browsing with 
tabs until Xfce 4.12. Tabbed browsing is 
now an important part of web browsers 
and has become an almost indispensable 
feature in most. The function also fulfills 
a purpose in file managers - for example, 
when the user wants to copy files from 
one folder to another without opening a 
second window on the display screen. 
Nick Schermer implemented tabbed 
browsing for Thunar in Xfce 4.12. 

To drag and drop files from one tab 
into another, all you need to do is grab 
the symbol and drop it into the other tab. 
After a short wait, the content will ap- 
pear in the file index, which still consti- 
tutes the largest area of the window. This 
is another characteristic that bears an un- 
canny resemblance to OS X. Tabbed 
browsing is not represented in the OS X 
Finder, but the OS X idea of letting the 
user copy a file by dragging it on top of 
the target folder, which then automati- 
cally opens, has a lot of fans. 


User DIRECTORY CONFUSION 
There was a brief moment of concern 
among users when Schermer an- 
nounced that the classic user directory 
would disappear from the display in 
Thunar for Xfce 4.12. The announce- 
ment is somewhat strange and initially 
also confusing. Thunar users have be- 
come accustomed to finding the file tree 
to the left and their personal directory 
as the first entry. The entries that follow 
are for things like a connected storage 
device or network device and trash. 
This all looks different in Thunar 
4.12. The left area of the window now 
has a list of bookmarks, which the user 
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can expand as desired with drag and 
drop (Figure 7). The entries titled De- 
vices, Locations, and Network provide 
an improved overview. Not to worry, 
there is a direct link to the personal 
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folder in the form of a corresponding 
bookmark, and you can modify or re- 
move this as desired. 

In terms of devices, Schermer has radi- 
cally rebuilt the way volumes are han- 
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dled for Xfce 4.12. Previously, entries for 
disks or USB sticks were in the left area 
of the window. The only possibility was 
to mount these via a mouse click. The 
devices did not appear in the filesystem 
trees or the quick start bar. Moreover, un- 
mounting a device and remounting it in a 
different place was practically impossi- 
ble. Thunar Xfce 4.12 remedies this 
shortcoming by making it possible to 
perform these functions with ease. Even 
network mounts are now shown in Thu- 
nar just like the entries for other folders 
and devices. 


IMPROVED Power MANAGEMENT 

Xfce counts as one of the standard desk- 
tops for mobile devices that are relatively 
new but not necessarily powerful. This is 
especially the case for netbooks. Al- 
though tablets have largely replaced net- 
books, many are still in use serving as 
mobile tools for reading email or surfing 
the Internet. Xfce garners high marks 
here, too. Because the desktop has 
hardly any elaborate effects, it rarely en- 
croaches on the CPU, making for smooth 
work and long battery run times. The de- 
velopers have been busy revamping the 
configuration plugin of the Xfce power 
manager and have done a great job. 


The new configuration dialog can 
compete well with other systems like 
Windows or OS X. When Xfce recog- 
nizes that it is running on a mobile de- 
vice, it will indicate a precise setting for 
operation both with a power supply and 
a battery (Figure 8). There is an option 
for specifying an amount of time after 
which the device will switch into Hiber- 
nate or Suspend mode and an option for 
letting Xfce automatically reduce the 
screen brightness during battery-pow- 
ered operation. 

When the battery level becomes criti- 
cally low, Xfce can switch the computer 
into sleep mode until the user comes 
across another electrical outlet. For every 
occurrence, it is also possible to set a 
time with minute resolution when the 
Xfce should respond. 

The new dialog for power manage- 
ment in Xfce 4.12 even performs well for 
a PC that always runs off of a power sup- 
ply. The PC user typically wants the dis- 
play to turn off after a specified time so 
that the computer uses less power. Auto- 
matic shutoff can be activated with a 
mouse click in Xfce. Likewise, the 
changes made to the task manager that 
has been ported to Xfce 4.12 on GTK3, 
look noticeably more elegant. Users who 
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Figure 10: Mousepad does not seek to compete with Vim or Emacs. Instead, it is an excellent tool 


for quick edits of text files. 
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want to find out why the fan is con- 

stantly running on a notebook will be 
able to get this figured out quickly. A 
search mask makes the job of finding 
processes with a specific name easier. 


WHISKER MENU 

Users wanting a classic start menu in 
Xfce have up to now been able to use 
the standard menu. The most important 
programs are arranged in a tree-like 
structure. However, the world keeps 
turning. Windows and many Linux desk- 
tops have now left the tree structure be- 
hind and restructured their menus 
around the use of icons to represent the 
most frequently used programs. 

Xfce 4.12 catches up here by introduc- 
ing the “Whisker Menu” as part of its 
Xfce Goodies package (Figure 9). This is 
different in many respects from the pre- 
ceding version. With one click, the user 
finds a list on the left containing the 
most frequently used programs. A menu 
is also visible on the right, but the tree 
structure is no longer displayed. Instead, 
a hierarchical structure consisting of two 
levels appears. 

One click on the category to the right 
will make the list of corresponding pro- 
grams appear in the left-hand side of the 
menu. A scroll bar makes it easy to use 
the menu even on a small screen. The 
dialog that appears underneath lets the 
user search for tools by name. All in all, 
the features of the Whisker Menu offer a 
lot of convenience for users who require 
a central menu. 


A New MousePAD 

The Mousepad text editor is definitely 
one of the least noticed components in 
Xfce. It is simple, easy to use, and has 
about the same functionality as Notepad 
or TextView in OS X. Because of the 
complete rewrite of Mousepad for Xfce 
4.12, opening text files is straightfor- 
ward. The editor can handle most func- 
tions that a user might expect to find in 
a simple editor. Although it cannot com- 
pete with a mature Vim or with Emacs, 
it works just fine for basic tasks (Figure 
10). Also, users who are unaccustomed 
to or who don’t want a command-line 
editor will like it. e 


INFO 
[1] Xfce: http:/www.xtce.org/ 
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Installing Ubuntu 15.04 


Package Management . 
Multimedia.........0..0..... 
Virtual Windows XP...... 


Network and Updates.. 


Ubuntu 15.04 offers nearly no changes 
to the installation process. But, just in 
case you are new to Ubuntu, we'll walk 
you through upgrading or installing the 
latest release. 


f you’ve installed Ubuntu in the 

past, you might notice that, unlike 

its predecessors up to 12.04, 

Ubuntu 15.04 does not fit on one 
CD. As of 12.10 onwards, developers 
also improved the installer, which now 
provides full encryption and Logical 
Volume Manager (LVM). The step in 
13.10 that allowed access to or set up 
of an UbuntuOne account was removed 
in 14.04. Other than these updates, not 
much has changed with the Ubuntu in- 
stallation process. 

Installing Ubuntu 15.04 on your 
computer or virtual machine can be 
done in several ways. Although 
Ubuntu is geared toward novice Linux 
users, installing the system is different 
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Try Ubuntu 


Installing Ubuntu 15.04 


INSTALLATION 
e 


from a Windows installation. We’ll ex- 
plain your options and walk you 
through the steps. 


Wuat's New, Vivio? 

If you’re running Ubuntu 14.10, you 
can update to version 15.04 directly. 
However, if you’re upgrading from a 
version of Ubuntu earlier than 14.10, 
you will have to update in steps to 
14.10 first and then to 15.04. 

If you decide to go with a clean in- 
stall, try the Live version first to test 
the programs and get used to the Unity 
desktop. Then, you can load the distri- 
bution via the integrated installer on 
your computer. Regardless of what you 
decide, do back up all your important 


Install Ubuntu 


You cantry Ubuntu without making any changes to your computer, directly From thi 


You may wish to read the release notes. 


Figure 1: Choose Try Ubuntu to run a Live instance on your computer without installing anything. 
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files first so nothing gets lost in the 
process. 


INSERT MEDIA 

The double-sided DVD that comes with 
this issue provides two versions of 
Ubuntu: one for 32-bit and another for 
64-bit computers. To boot from the 
DVD, first have your computer recog- 
nize it as bootable. Often computers 
do this automatically; starting the PC 
with a bootable CD or DVD in the 
drive invokes the corresponding boot- 
loader. If the computer can’t find the 
DVD, change the boot order via the 
BIOS. 

To get to the BIOS, start up the com- 
puter and immediately press Esc, Del, 
F2, or F12, depending on your com- 
puter, Then, look for the appropriate 
option to change the boot order and 
move the CD/DVD drive to the top of 
the list. If you’re starting Ubuntu from 
a USB stick, move the USB device to 
the top of the boot order. In both 
cases, save the setting and restart the 
computer. 

If your computer is missing a drive, 
use a USB stick. We will assume that 
you already have Ubuntu installed. 
Create the stick by downloading the 
ISO image for Ubuntu 15.04 for the 32- 
bit or 64-bit architecture [1] that your 
installed Ubuntu uses, then load it to 
the USB stick using the Startup Disk 
Creator app in Ubuntu (Figure 2). 

First, delete all previous files on the 
stick, leaving at least 4GB of free 
space. At the top of the Make Startup 
Disk window, select the downloaded 
ISO image and, at the bottom, select 
the USB device to use. Then click 
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Make Startup Disk 


To try or install Ubuntu from a removable disk, it needs to be set up as a startup disk 
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Figure 2: The Startup Disk Creator in Ubuntu 14.10 copies the Ubuntu 15.04 image onto a USB stick 
with the required free space. Both Ubuntu versions have to use the same 32-bit or 64-bit architecture. 


Make Startup Disk. Booting from the 
USB stick requires the BIOS setting 
previously mentioned. 


To do a new installation, insert the 
DVD included in this issue into the 
drive with the DVD label facing up for 
64-bit architecture and with the label 
facing down for 32-bit architecture, 
and then turn off the computer. Next, 
turn it back on and immediately hold 
down the Shift key; this will take you 
to the Ubuntu boot menu. Here, you 
can make a language selection using 
the F keys to set language, keymap, 
and boot parameters. 

Press F6 (Other Options) on the 
Ubuntu boot menu so that you do not 


Figure 3: If booting doesn't work, you can adjust boot option in the Ubuntu 


boot menu. 


land on the Ubuntu desktop. The win- 
dow has a Boot Options line at the bot- 
tom (Figure 3). Enter the boot options 
mentioned here instead of the default 

ones quiet splash. 

The nomodest, radeon.modeset, 
nvidia. modeset = 0 or nouveau. mode- 
set=0 options help if you have graph- 
ics problems and the screen stays 
black. The acpi=off boot option fixes 
power management problems on older 
computers. 


If you do not want to Install Ubuntu 
right away, you can Try Ubuntu with- 
out installing. In Live mode, Ubuntu 
copies only the necessary programs 
into memory and executes them from 


Preparing to install Ubuntu 


nade 
acpi=off 

noapic 

nolapic 

edd=on 

nodmraid 
nomodeset 

Free software only 


Harb Drives IN UBUNTU 


Ubuntu names device files on hard 
drives according to a particular 
schema: /dev/sda is the first detected 
hard drive, with /dev/sda7 its primary 
partition (/dev/sda2 through /dev/sda4 
are the three other primary partitions). 
The /dev/sda5 device is the first logical 
partition located in the (/dev/sda2 ex- 
tended partition. Windows should al- 
ways be located in the first primary 
partition (/dev/sda7), and generally 
also in /dev/sda2. If you plug a USB 
stick or external hard drive into the 
USB slot, these external storage de- 
vices are listed as /dev/sdb, with ev- 
erything else following the same 
schema. Using the sudo fdisk -I com- 
mand, you can get an overview of the 
available hard disk and USB memory 
and the partitions and filesystems 
within them. 


there. Booting takes noticeably longer 
than with the installed version, and 
the system as a whole is a bit slower, 
but you can test Ubuntu 15.04 with lit- 
tle risk. Also, look at the bundled ap- 
plications to see whether Ubuntu sup- 
ports your hardware (printers, scan- 
ners, wireless, and graphics cards). 

Ubuntu 15.04 loads only the 3D ver- 
sion of the Unity desktop and uses LL- 
VMpipe for slower machines, creating 
sluggish responses on some older com- 
puters (cause for a recommended 
desktop replacement). 


The Ubuntu installer opens in a win- 
dow as shown in Figure 4. First, 
choose a language. The next window 


For best results, please ensure that this computer: 


Figure 4: The installer provides options, among other things, to prepare for 


MP3 support and for downloading updates. 


WWW.UBUNTU-USER.COM +» UBUNTU USER 


IssuE26 81 


Windows AND UBUNTU 


Windows likes to save its files across the entire hard disk. By defragging the Win- 
dows partition, you arrange the scattered file fragments in a contiguous region. You 
can then shrink the partition without destroying any installed programs. In Win- 
dows 7, you can start the defragging with Start| Programs | Accessories | System 
Tools. In Windows 8, use the search option to look for the defrag program. If you 
freshly installed Windows, a program called chkdisk routinely looks for damages to 
the partition, and then Windows can boot normally. 


After defragging, you can begin shrinking the Windows partition. At the bottom of 
the Start menu, type hard and click Create and format hard drive partition. Window 
XP and Vista have similar functions. 


Next, select the Windows partition you want to shrink. Right-click and choose 
Shrink Volume, enter a desired value in the Total size after shrink in MB field and 
click Shrink, and restart Windows. 


In any case, after you install Ubuntu and restart Windows, Windows resorts to 
chkdisk to check for possible damages. The system then restarts the computer 
again before starting up normally. Wubi [2], the tool to install Ubuntu on Windows, 
is included with Ubuntu 15.04, and you will be able to use it up to Windows 7. Wubi 
only works with Windows 8 if the machine uses the old BIOS firmware and the hy- 


brid sleep option is disabled. 


Installing Windows after Ubuntu is so complicated that we don’t recommend you 
do it. But, if you do plan to do so, choose creating a manual partition in the Ubuntu 
installer (as described in the “DIY Ubuntu” box) while reserving an empty /dev/ 


sda7 partition for Windows. 


checks whether your computer meets 
the installation requirements, which is 
at least 5.9GB available drive space, 
plugged in (important for laptop and 
netbook installations), and preferably 
connected to the Internet. 

In this window, you can set two 
check marks. If you mark Download 
updates while installing, Ubuntu uses 
the idle time during installation to 
download patches and security up- 
dates from the Internet, but doesn’t in- 
stall them yet. 

Checking Install this third-party soft- 
ware loads during Ubuntu installation 


Figure 5: Choose to erase the entire disk for the Ubuntu install, or make a 
different selection. 
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a few important codecs and plugins for 
your system. These codecs and plugins 
will allow you to play MP3 files on 
your player and see flash content in 
your browser. 

These two options can always be set 
later, so, for now, Next takes you to 
the next window. 

If a wired connection exists to the 
network and Ubuntu recognizes your 
wireless card, the next window dis- 
plays the discovered access points. 
Using the correct password, you can 
connect to the access point. If no 
choices are available, there may be a 


ny, al data m be tet. you need to waite down your key and teen R ina sate place eeutere 
For meresecurtye C) Overarite ech 
The instaiation may tate much ioagec 


problem with your wireless hardware. 
For now, you can use a wired connec- 
tion instead. 


CHOICES, CHOICES 

A new window then appears that was 
introduced in Ubuntu 12.10. If Ubuntu 
doesn’t find another operating system 
installed, it provides the options, as be- 
fore, to Erase disk and install Ubuntu 
or to do Something else (Figure 5). 

As of 12.10, there are two additional 
options: Encrypt the new Ubuntu in- 
stallation for security and Use LVM 
with the new Ubuntu installation. If 
you encrypt Ubuntu, the performance 
is a bit less than optimal, although it 
secures data against theft. Note that 
you can always encrypt your home di- 
rectory later. 

If you have another resident operat- 
ing system, such as Windows 8, the 
option Install Ubuntu alongside Win- 
dows 8 appears on the screen, which 
you can invoke using Continue. In this 
case, the options for encryption and 
LVM are grayed out and not available. 
If you have an older Ubuntu version, 
additional options appear in the in- 
staller window. 


UBUNTU FLYING SOLO 

Installing Ubuntu by itself takes up the 
entire hard disk and writes all files 
into the /dev/sdal primary partition. 
Also, the Ubuntu install creates the / 
dev/sda2 extended partition and, 
within it, the /dev/sda5S logical parti- 
tion that houses the swap area (see the 
“Hard Drives in Ubuntu” box). The 
swap area includes the swap file that 
takes over when working memory is 
overloaded, although writing to the 
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Figure 6: If you use the complete encryption that Ubuntu provides as an 
option, be sure to use a secure password (security key) and keep it in a safe 
place so as not to lose it. 
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swap area is noticeably slower than di- 
rect access to main memory. 


UBUNTU NEIGHBORS 

Windows often takes up the entire 
hard drive instead. If you want to in- 
stall Ubuntu alongside Windows, you 
must shrink the Windows partition 
and completely defrag it, as described 
in the “Windows and Ubuntu” box. 
Ubuntu 15.04 then invokes the GRUB 2 
bootloader, which boots both systems 
and can handle new computers sup- 
porting secure boot. 


INSTALL Now 

If you opted for self-partitioning, click 
Install Now. To set up complete encryp- 
tion, Ubuntu asks for a security key. Se- 
lect the most secure one possible (Fig- 
ure 6). Ubuntu then asks about your lo- 


REVIVAL 


cation (Where are you?, to get the time 
zone), Keyboard layout, name, user- 
name, and password (Who are you?). 
The latter dialog also asks whether you 
want to Require my password to log in 
or Log in automatically, with an addi- 
tional option to Encrypt my home 
folder. Ubuntu uses EcryptFS for this. 

The following screens are for select- 
ing your timezone, keyboard, and set- 
ting your username and password. 

If you have a supported Ubuntu web- 
cams, the installer suggests that you 
take an image of yourself to comple- 
ment your profile. Ubuntu 15.04 can 
also import profiles from other installed 
operating systems, including not only 
browser and email files but also screen 
backgrounds and documents. 

During the install process, you can 
view a slideshow that presents the new 

features in 
Ubuntu. Installa- 


tion can take a 


To revive an installed Ubuntu, boot up Live mode on the 
DVD in this issue by choosing the Try Ubuntu without in- 
stalling option. Be sure that the Live and installed ver- 
sions are the same architecture. Then, invoke a terminal 
and execute the following commands. Substitute for /dev/ 
sda6 entry the specific partition in which the root direc- 
tory (/ of the installed Ubuntu is located. 


sudo mount /dev/sda6 /mnt 

sudo mount -o bind /dev /mnt/dev 
sudo mount -o bind /sys /mnt/sys 
sudo mount -t proc /proc /mnt/proc 
sudo chroot /mnt 

grub-mkconfig -o /boot/grub/grub.cfg 
update-grub2 

grub-install /dev/sda 

exit 


sudo reboot 


Use the chroot command (change root) to mount the in- 
stalled system into your Live system and work with it as if 
you had booted it. Now you can set up a new GRUB 2. 


DIY UBUNTU 


If you want to maintain some control over the installation, 
you can select the Something else option, although this 
process requires some knowledge of the Ubuntu hard 
drive structure (see the “Hard Drives in Ubuntu” box). Ide- 
ally, you would place at least two logical partitions for 
Ubuntu on an empty hard drive: a swap partition (/dev/ 
sda5) and a partition for the root directory that is at least 
4.9GB (/dev/sda6). 


Optionally, add an extra partition for the /home directory 
(/dev/sda7) that gives you enough space for all your files. 
This partitioning has the advantage that you can install 
Ubuntu again later without losing your user data. Add the 
new partitions using Add. For the /and /home directories, 
selecting the Ext4 filesystem is best. 
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while, depending 
on your system, 
and it ends with a 
prompt to Restart 
Now. Remove the 
CD/DVD and press 
Enter so that the 
computer reboots. 
If you activated 
system encryp- 
tion, enter the 
password before 
booting up. 


UPDATING 
UBUNTU 

If you have 
Ubuntu 14.04 in- 
stalled, first con- 
sider whether you 


Install 


Welcome to Ubuntu 


want to upgrade at all. Version 14.04 is 
a LTS version, so it will still be sup- 
ported until 2019. If you have an ear- 
lier version of Ubuntu, you will have 
to upgrade to the intermediate ver- 
sions first. Before beginning, turning 
off the external repositories and PPAs 
makes sense. Use the Software Center 
Edit | Software Sources function and 
remove the checkmarks on the Other 
Software tab. 

Next press Alt+F2 and enter up- 
date-manager -d. In the empty window 
of the update manager, an Upgrade 
button shows at the top. During the 
upgrade, the installer asks whether 
you want to keep or replace a specific 
configuration file; choose to replace if 
you haven’t made any changes. Be- 
cause Ubuntu is downloading many 
packages and replacing them, make 
sure your computer is plugged in to 
stay charged. 


BOOTLOADER FAILURES 

Occasionally, the bootloader doesn’t 
appear after an Ubuntu installation, or 
you can boot only one system. Loading 
Windows after installing Ubuntu often 
leads to a bootloader failure. Refer to 
the “Revival” box for commands you 
will want to enter in a terminal win- 
dow. These commands install the 
GRUB 2 bootloader with help from a 
Live system so that GRUB correctly 
identifies all systems. e 


INFO 
[1] Download Ubuntu 15.04: Attp:/ 
releases.ubuntu.com/vivid/ 


[2] WubiGuide: https:/wiki.ubuntu. 
com/WubiGuide 


Figure 7: Installation can take a while, but it is painless and can generally be 


left to its own devices. 


ISSUE26 83 


Connection information 


Active Network Connections 
WLAN_68 (default) 


General 

Interface: 802.11 WiFi (wand) 
Hardware Address: 00:13:02:B0:BA:26 
Driver: 

Speed: 54Mb/s 

Security: WEP 


IPv4 

IP Address: 192.168.1.38 
Broadcast Address: 192.168.1.255 
Subnet Mask: 255.255.255.0 
Default Route: 192.168.1.1 
Primary DNS: 80.58.61.250 
Secondary DNS: 80.58.61.254 


IPv6 


Figure 4: Connection Information provides some 
helpful connectivity facts. 


NetworkManager automatically connects 
after you plug in the network cable. Rarely 
does this not work, but if that is the case, 
you must assign an IP address and domain 
name manually. 


WIRELESS NETWORKS 

So that Ubuntu can set up your wireless 
card properly, the kernel needs to find a 
suitable driver for the card. Then, it’s as 
easy as clicking the NetworkManager to 
obtain the neighboring networks (Figure 
5). Select the name of the wireless net- 
work and log in with your passcode. 

To avoid mistyping the password, make 
the password visible. Ubuntu automati- 
cally detects the encryption type (WEP or 
WPA) the access point uses. After a suc- 
cessful network authentication, your wire- 
less card provides you with a valid IP ad- 
dress via DHCP. 

Setting up your smartphone (Android or 
iPhone) as an access point, which is called 
tethering, also works. NetworkManager 
treats the tethered smartphone as a normal 
access point and connects to it. Smart- 
phones use the Universal Mobile Telecom- 
munications System (UMTS) to get to the 
Internet, which is a good solution when 
you are on the move. Don’t forget, how- 
ever, to secure the access point on your 
mobile phone with a good password and 
deactivate it when you are done. 

If the kernel doesn’t provide a driver for 
your wireless card, a proprietary driver is 
usually available. To test this, press the 
Windows key and open the Software Repos- 
itories program. If the Additional Drivers 
tab lists the driver for your card, click Acti- 
vate so that the wizard can download the 
corresponding software for the card. 


WLAN_68 


Disconnect 


= Airport_ 
CamposAbogados 
FB7270 
FISCAL 


MOVISTAR_17CB 


Enable Wi-Fi 


Connection Information 

Edit Connections... 
Figure 5: NetworkManager displays the neigh- 
boring access points, which is generally the first 
choice when accessing the Internet.. 


If both steps don’t work, search online 
for Ubuntu15.04 {YOUR WIRELESS CHIP}. 
To find out what your built-in wireless chip 
is called, press Ctrl+Alt+T to open a termi- 
nal and enter: 


$ lspci | grep "Network" 


For a USB device, use the following com- 
mand to find the chip’s ID number: 


$ lsusb 


An Ubuntu help page [3] lists the wireless 
card and its degree of support in Ubuntu 
and its derivatives. Setting up an unsup- 
ported wireless cards can be complicated 
on occasion, and other times a simple shell 
command can activate a card. In some situ- 
ations, programs such as Ndiswrapper 
allow use of the card’s Windows driver 
with Ubuntu [4]. 


UMTS Caros Ano DSL Monems 
Using NetworkManager, you can also set 
up UMTS cards and chips, as well as DSL 
modems. Of course, the system must recog- 
nize the hardware; otherwise, the tabs are 
grayed out. Once Ubuntu identifies a UMTS 
card, insert the card into the USB slot, 
enter the PIN, and configure it using Net- 
workManager. 

DSL modems are also candidates for 
NetworkManager. Click Edit Connections 
and choose Add on the DSL tab, connect 
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the DSL modem to the phone jack and 
your computer via cable to the modem, 
and apply the access credentials from your 
Internet service provider. These will go on 
the DSL dialog. 

Usually you will find a long line of text 
among the data, including the @ character. 
The part before the @ is your username, 
and the part after it is the service name. 
Then, enter the passcode and change to 
the Wired tab, where you enter the MAC 
address of your network card connected to 
your DSL modem. The name is usually 
ethO. After you determine the address, 
open a terminal and enter: 


$ /sbin/ifconfig | grep Hardware 


The MAC address consists of six two-char- 
acter sections separated by colons. Enter 
the MAC address in the field for the DSL 
configuration. 


VPN Connections 

If you want to surf securely on the Internet 
through a tunnel, use a virtual private net- 
work (VPN) solution such as OpenVPN, 
which NetworkManager also supports. De- 
tails on OpenVPN and how it works with 
Ubuntu are in an article in Ubuntu User 
issue 13, page 58-59. 


TROUBLESHOOTING 

If the DSL or UMTS modem is still giving 
you problems despite the correct driver, 
NetworkManager may have a bug. One so- 
lution is to install a recent version of the 
software by integrating a PPA. This pack- 
age often provides a newer version than 
the one normally used by Ubuntu. Often 
you can solve network problems by im- 
porting all updates for your release and re- 
starting the computer. « 


INFO 


[1] Packaging/PPA: https:/help. 
launchpad.net/Packaging/PPA 

[2] UbuntuBackports: https:/help. 
ubuntu.com/community/ 
UbuntuBackports 


[3] WifiDocs/WirelessCardsSup- 
ported: https:/help.ubuntu.com/ 
community/WifiDocs/ 
WirelessCardsSupported 

[4] WifiDocs/Driver/Ndiswrapper: 
https:/help.ubuntu.com/ 
community/WifiDocs/Driver/ 
Ndiswrapper 

[5] Using OpenVPN Under Ubuntu: 
http:/)www.ubuntu-user.com/ 
Magazine/Archive/2012/13/ 
Using-OpenVPN-Under-Ubuntu 
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With NetworkManager, you can access 
the Internet during the Ubuntu 
installation process. The first step is to 
download updates to make your system 
more secure. 


Installing updates... 
Preparing configuration of webbrowserapp 
> Details 


Figure 1: If Ubuntu updates are out there, you'll 
find out by invoking the “Software Updater” pro- 
gram. 


Software Updater 


Updated software is available for this 
computer. Do you want to install it now? 
Y Details of updates 
Install 


EE browser 
E E cheese webcam Booth 


E H Contacts 
E & Document viewer 
GD files 
E @ Firefox web Browser 
EAS Font Viewer 

P Technical description 


M 119.8 MB will be downloaded. 


“reset | (e) 


Figure 2: Ubuntu shows details on what updates 
are waiting in the queue. 
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NetworkManager and system updates 


ACTIVE TRAFFIC 


BY KRISTIAN KISSLING 


fter the official release of a distri- 

bution, the developers continue 

to iron out bugs with various 

patches, and they continue to 
minimize security vulnerabilities during 
the entire support period of the operating 
system. Ubuntul15.04, for example, will be 
supported for the next 9 months. If you 
install the distribution a few weeks after 
its official release, updates are already 
available. 

To look for updates, call up the Software 
Updater program (Figure 1), which dis- 
plays a list of installable patches. Clicking 
Install Now downloads the patches onto 
your computer (Figure 2). Restart the sys- 
tem to apply the patches. If no updates are 
available, you will see The software on this 
computer is up to date (Figure 3). 

Bug fixes help keep your system safe 
and secure. With a few exceptions, such 
as Firefox and Thunderbird, newer ver- 
sions of installed programs are updated 
with the next Ubuntu version. Within the 
support cycle of Ubuntu15.04, only Back- 
ports and PPAs [1] can be applied to a 
new version. Backports are special reposi- 
tories that provide newer versions of some 
software [2]. 


CHICKEN AND EGG 
To get updates for Ubuntul5.04, you must 
have access to the Internet. The Network- 
Manager helps you set up that access dur- 
ing the installation. If you’re not cabled 
in, the installer presents a window listing 
the neighboring wireless networks and 
asks you to connect to one, which is when 
installation begins in earnest. 

To bypass this step, install Ubuntu with- 
out Internet access, and then later set it up 


Software Updater 


cA) The software on this computer is up to date. 


(xen 


Settings... 


Figure 3: No updates are needed and you are 
good to go. 


through the NetworkManager, which is 
represented by a small icon at the top right 
of the screen. If you’re using a wireless 
card, you will see a wave-shaped icon and, 
if the system is connected, the icon reflects 
the quality of the connection. Since 
Ubuntu 12.10, connecting to the Internet 
even before signing onto the desktop is 
possible. 


WIRELESS PROBLEMS 

Not all wireless cards work flawlessly with 
Ubuntu. Before you install Ubuntu on your 
computer, use the Live version to test 
whether Ubuntu recognizes your wireless 
chip. Boot into Live mode and try to con- 
nect to one of the wireless networks dis- 
played. If connecting fails or no access 
points are showing, check the hardware 
switch on the computer itself. 

If you run into problems configuring 
wireless cards, DSL modems, or UMTS 
sticks because NetworkManager doesn’t 
recognize them, temporarily connecting 
the computer with a network cable to a 
switch or router usually works. 

Hardware is a frequent source of wire- 
less problems. On many notebooks, a but- 
ton turns on the wireless card, whereas on 
others, a special key combination (e.g., 
Fn+F5) or a single F keystroke works. Test 
to see whether the WLAN has been deacti- 
vated by mistake. 

To enable access for DSL, UMTS, and so 
on, click in the upper right on the Net- 
workManager icon and choose Edit connec- 
tions. Through Connection information, 
you can find out whether the access point 
provided you an address via DHCP (Figure 
4). DHCP (Dynamic Host Configuration 
Protocol) is the service that automatically 
assigns you an IP address in the local net. 
Most routers provide DHCP addresses by 
default. 


ETHERNET 

Wireless routers usually have inputs for 
network cables. If the router assigns IP ad- 
dresses with DHCP, which it usually does, 
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Ubuntus Software Center lets you 
install just about anything, including 
free software, purchased apps, and 
games. 


Our star apps 


Come and enplore our favourites 


Figure 1: Software Center encourages you to 
browse. 


Software management in Ubuntu 15.04 


TODAY'S 


buntu includes the convenient Soft- 

ware Center, which provides central- 

ized software management and al- 

lows you to search for new software 
and install it with a mouse click. With an 
Ubuntu One account, you can purchase soft- 
ware with a credit card. 

The Debian packages (that end in .deb) 
that Software Center offers are actually ar- 
chive files containing libraries, configuration 
files, and executable programs. If you install 
the Firefox package, for example, the package 
manager distributes the necessary files to the 
correct places in the filesystem for you. Often 
there are dependencies, which means that in- 
stalling program A requires that you have 
program B also installed. 

The package manager identifies the depen- 
dent packages automatically during installa- 
tion and loads them onto your computer. Usu- 
ally, you will notice the dependencies when 
you try to install a single Debian package over 
the Internet. The package you are looking for, 
such as a video codec, may be missing in the 
Software Center. In this case, you can find the 
package in external repositories created by 
the software’s users or developers. The repos- 
itories contain the software as well as the 
packages on which they depend. (See the 
“What Are Repositories?” section.) 


PACKAGE MANAGER IN ACTION 

Getting to reposito- 
ries and installing 
software is often 
faster from the com- 
mand line. The 
“Quick Sources” sec- 
tion goes into greater 
detail. First, I'll look 


at managing pack- 
ages using Ubuntu’s 
Software Center. To 
access the Software 
Center, press the 


Figure 2: Clicking a category on the left opens up other subcategories. 
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Super key [1] and en- 
tering softw. The 
start page (Figure 1) 
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features a few What’s New and Top Rated ap- 
plications. Clicking More on the far right gives 
you additional choices. 

If you click Turn On Recommendations at the 
bottom, Ubuntu suggests opening a user ac- 
count at Ubuntu One. Then your computer reg- 
ularly sends lists of software you've installed to 
Canonical and the company returns a list of rec- 
ommended software that might interest you. 
These recommendations appear on the start 
page and can be deactivated with View | Turn 
Off Recommendations in the global menu. In 
the meantime, you can purchase programs 
using your Ubuntu One account. 

Use the arrow icons in the upper left to re- 
turn to the start window. Starting with the re- 
lease of Ubuntu 12.10, Ubuntu developers have 
placed ads for free and commercial software 
from the Software Center across the broad sur- 
face of the screen under the heading Our Favor- 
ites. The left side of the Software Center screen 
organizes the applications by category. Click- 
ing a category opens subcategories (Figure 2). 
All other controls are at the top of the package 
management window. The All Software menu 
lists all the software in all the available reposi- 
tories. If you click the little white triangle next 
to the menu item (Figure 3), you'll find the 
entries Provided by Ubuntu (mostly free soft- 
ware), Canonical Partners (free and commer- 
cial software without source code, such as 
Skype and Flash), and For Purchase (commer- 
cial software, including many games). 

Clicking Installed on the menu bar at the 
top displays only the installed applications, 
sorted by category. Click the little triangle to 
the right to view the packages from a single 
source. At the far right is the History menu 
item that tells you which software you down- 
loaded. Check here if an upgrade suddenly 
isn’t working. Downgrading, unfortunately, 
doesn’t work in Software Center. To do that, 
you must install the Synaptic Package Manager 
and specify an earlier Version in the Properties. 

If you already know the name of the soft- 
ware, search for it in the search field at the 
upper right. Results come from the repository 
that you use for All Applications. Next to the 
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Figure 3: Clicking the little white arrow next to “All Software” shows you the reposito- 
ries available. 


software names are the ratings in the form of stars. Once you select a package, 
the More Info and Install buttons appear. The first button leads to a detailed de- 
scription of the program, often showing a screenshot (Figure 4). 


[ @ ubuntu Software Center 
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Figure 4: Once you choose an installable package, you'll get further information on it: 
ratings, screenshots, descriptive text, and more. 
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Look under the Add-ons section to see software that could 
enhance the program. Here People also installed displays 
other programs to consider. You can also filter reviews by 
language. Finally, click the Install button to install the pro- 
gram. Once installed, you can click the Write your own re- 
view link to evaluate the software. This requires a Launch- 
pad account [1]. 

The search won't find all programs. Software Center hides 
libraries, developer files, and even programs without graphi- 
cal interfaces, such as the mplayer command interface. To 
install these programs, choose Show [some number] techni- 
cal items at the bottom of the window (it is nearly invisible, 
being dark grey on black) or enter the full name of the soft- 
ware in the search field (Figure 5). 

The Software Center global menu includes other interest- 
ing options. In the File menu, you can choose Reinstall Previ- 
ous Purchases or Sync Between Computers to move your 
package selections to other computers over the Ubuntu One 
cloud service. Also, you can use Edit | Software Sources to 
add other repositories. If you don’t want to display new ap- 
plications automatically in the Launcher, unmark the New 
Applications in Launcher checkbox in the View menu. 


WHAT ARE REPOSITORIES? 

Software Center gives you access to thousands of packages, 
but the one you want may be missing or only in an older 
version. This is where external repositories and the PPAs 
help. The Opera repository [3] is one of the external reposi- 
tories and provides the Opera web browser that is missing 
from Ubuntu’s standard repositories. The VirtualBox project 
[4] also provides the proprietary version of its own soft- 
ware, which supports the virtual USB 2.0 ports and Remote 
Desktop Protocol (RDP), from its own repository. 

Personal Package Archives (PPAs) are special versions of 
external repositories that you can only find on Ubuntu’s 
Launchpad. When experienced Ubuntu users or developers 
create Debian packages out of their favorite software, they 
frequently offer them in their personal package archive on 
Launchpad. Using a search function [5], you can peruse 
the platform for new versions of current software with 
great success. 


COMPLEMENTING PACKAGE SOURCES 

In Software Center, you can download from external reposi- 
tories using Edit | Software Sources. To use the Opera proj- 
ect’s external sources, for example, click Other Software and 
Add, and then enter deb http://deb.opera.com/opera/stable 
non-free. This address wasn’t invented: Usually, the address 
is the website for the external repository. Click the Add 
Source button to accept the repository (Figure 6). 

External repositories often protect themselves from abuse 
with keys. Every package has a signature verified with a 
key, so that manipulated packages with mismatched signa- 
tures fall by the wayside. Often, you can’t access a package 
offering without a key, but how do you find the key? 


Figure 5: Additional libraries, developer files, and programs are 
listed as technical items. 
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Enter the complete APT line of the repository that you want to 
add as source 


The APT line clases the type, location and comporants of a repository, for 
example deb http /orchve bunts con ibuntu souy me. 


Artin [deb hetp//deb opera comfopera/stablenontred — 


Cancel 


Figure 6: Obtain additional packages from exter- 
nal repositories. 


To import the key for the Opera repository, 
invoke a terminal through Ctrl+Alt+T and 
use the following command: 


$ sudo apt-get update 


The command updates the list of available 
software for Software Center and returns an 
error message. Then, enter the following: 


$ sudo wget -0 - http://deb.opera.com/ 2 
archive.key | sudo apt-key add - 


For other repositories more tied in with 
Ubuntu, you may have to query the Ubuntu 
keyserver: 

$ sudo apt-key adv --recv-keys --keyserver 2 
hkp://keyserver.ubuntu.com:80 B9A06DE3 


In this case, the command downloads the ap- 
propriate key (B9AQGDE3) for the developer’s 
Launchpad PPA for the Inkscape vector de- 
sign software and integrates it with package 
management. If you can’t get to the key- 
server, it may be temporarily overloaded. Re- 
place keyserver.ubuntu.com in the command 
with another keyserver, such as subkeys.pgp. 
net, pgp.mit.edu, or keys.gnupg.net. After the 
sudo apt-get update command, you should 
be able to install the software from the 
source. The new repository might not show 
up in Software Center right away. 


Key OVER TERMINAL 

As seen above, most websites show a simple 
line that you can copy with Ctrl+C and 
Ctrl+V to the terminal. The line might appear 
as in the following VirtualBox example: 


$ wget -q http://download.virtualbox.org/ 2 
virtualbox/debian/oracle_vbox.asc -0 - 2 
| sudo apt-key add - 


The command downloads the key from the 
website (using wget -q {HTTP-LINK}), sends 
it to the console (with -O -), and passes it to 
the sudo apt-key add command. Then, use 
sudo apt-get update to update the package 
list and load up the VirtualBox package. 


INTEGRATING PPAS 

With about 6,000 active PPAs on Launchpad, 
it is easy to get brand new software versions 
with the latest functionalities. Among them 
are exotic programs and (unstable) developer 
versions of system components, such as the 
kernel or NetworkManager. Before compiling 
software from the sources, first use a PPA 
search [4] to see whether there might not be 
a PPA for it. 

The fastest way to integrate PPAs into the 
package manager is through the command 
interface because it saves you the key search. 
Press Ctrl+Alt+T to open the terminal and 
enter what usually amounts to three com- 
mand lines, something like the following: 


$ sudo add-apt-repository 2 
ppa:inkscape.dev/stable 

$ sudo apt-get update 

$ sudo apt-get install inkscape 


This happens to mount the PPA for the Ink- 
scape vector drawing solution. For other soft- 
ware, simply replace the parts after ppa: and 
sudo apt-get install. Take the text for the part 
after ppa: from the website (Figure 7). It may 
take a while for the repository to appear in 
Software Center. 


REMOVING SOFTWARE 

To remove software, open Software Center 
again, search for the name of the software, 
and click Remove. The configuration data is 
thereby unaffected. The advantage is that 
you don’t need to reconfigure the software if 
you decide you need it again later. If these 
remnants (such as you might find in the /etc 
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or /var directories) 
were to disappear, 
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! ages the list of soft- 


install the Inkscape design application. 
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Figure 7: In this PPA, you'll find the current packages for Vivid Vervet to 


ware in the reposito- 
ries in the back- 


ground. As already noted, you can also run 
apt over the command line; many experi- 
enced Ubuntu users prefer this method be- 
cause the commands work with any Ubuntu 
derivative. Here are four important com- 
mands: 


$ sudo apt-get update 

$ sudo apt-cache search 2 
(--names-only) inkscape 

$ sudo apt-get install inkscape 

$ sudo apt-get remove (--purge) inkscape 


The first command brings the package list 
up to date, an important thing considering 
how quickly program versions change. The 
next line searches for a package whose 
name or description includes the term ink- 
scape. Add the --names-only option (without 
the parentheses) to search for the package 
name only if too many hits are returned. 
The third line installs the package, and the 
fourth line removes it. 

You can use the optional --purge option to 
purge the configuration files in the home di- 
rectory along with the package down to the 
local configuration that you have to remove 
yourself. To remove all the packages in- 
stalled through a PPA, either use Software 
Center and choose the PPA next to Installed, 
or stay on the command line, install the 
ppa-purge package, and use the following 
command (for the Inkscape example): 


$ sudo ppa-purge ppa:inkscape/stable 


SINGLE CONSIGNMENTS 

Finally, there are some websites that pro- 
vide single Debian packages to download. 
To install the software, double-click the DEB 
package. Ubuntu then calls Software Center 
and recommends installing the package. 
Once you click OK, the package appears to- 
gether with a screenshot and description in 
Software Center. Finally, download the 
package with Install. e 


INFO 


[1] What are the meta, super, and 
hyper keys? http:/askubuntu. 
com/questions/19558/what-are-th 
e-meta-super-and-hyper-keys 

[2] Ubuntu’s Launchpad platform: 
https://launchpad.net 

[3] Opera repository: http:/deb. 
Opera.com/ 

[4] VirtualBox project: http://www. 
virtualbox.org/wiki/Linux_Down- 
loads 

[5] PPAs in Launchpad: https:/ 
launchpad.net/ubuntu/+ppas 
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You can watch movies, play music and 
place calls over the Internet with ease 
with Ubuntu. You just have to load the 
right software packages onto your 
computer. We present some of our 
favorite multimedia apps. 


Multimedia components and proprietary programs 


THATS 


ENTERTAINMENT 


BY TIM SCHURMANN, MARCEL HILZINGER 


laying movies and music, ripping 
DVDs, and making Skype calls - 
that’s all possible with Ubuntu. Al- 
though the Ubuntu installer already 
provides basic “third-party” multimedia 
codecs, these options might not fulfill ev- 
eryone’s wishes. At least, the distribution 
loads the legitimate MP3 codec from Flu- 
endo onto the computer through the 
ubuntu-restricted-addons package, along 
with components for the GStreamer frame- 
work (plugins-ugly, plugins-bad, ffmpeg) 
and a Flash plugin installer from Adobe. 
As a result, you can play MP3 files, burn 
audio CDs, and view more than 90 movie 
formats right after installation. However, 
the installed package is not compliant with 
the ubuntu-restricted-extras package that 
you should install after the installation. It 
provides additional codecs for GStreamer, 
some typical Microsoft fonts (that you need 


Q my top nated 
Q recently Added 
Q Recently Played 


to sign an EULA for first) and the UnRAR 
unpacker. You’ll also need to install the 
LAME library so that you can create and 
play MP3 files from audio CDs. 


GSTREAMER 

Generally, numerous programs in Ubuntu 
play music and movies, but there are some 
standard apps. Rhythmbox (Figure 1) is the 
preinstalled app for playing music. You can 
use the software to convert CDs to MP3 
format, although RipperX [1] is much bet- 
ter suited for this. Totem, on the other 
hand, is the default video player. 

This very simple player uses the 
GStreamer format. The drop-down menu 
used to access the videos and podcasts 
from YouTube and the BBC in the past is 
missing in the current version (Figure 2). 
Many users, however, also install VLC, the 
multimedia player that plays everything, 


Display 
‘Ovisvel ettects 


3 Requesting cover for Music From The OC Mix & 


+-4 


Figure 1: Rhythmbox plays not only MP3s but also radio stations, and it provides integrated music 


shops. Better software exists for converting from audio CDs. 
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MULTIMEDIA APPS 


back: LinDVD from 
Corel [4] and the 
Fluendo DVD player 
[5], whose develop- 
ers also participate 
in GStreamer. You 
can find the latter 
in the For Purchase 
repository. 

Until a couple of 
months ago, you 
could turn to the 
Medibuntu reposi- 
tory. It used to 
house - apart from 


Figure 2: Totem is becoming more and more minimalistic with every version. 
If you need more control over your media, VLC is a better option. 


provides more features than Totem, and 
can be extended easily through modules. 
You can find these modules in the Software 
Center if you search for vlc-plugin-. 

Brasero is still used as a CD burner, and 
it provides an integrated cover editor. Al- 
though Brasero does not do Blu-ray record- 
ing, K3B, available in the Software Center, 
does, although it will involve some system 
tweaking. Apart from K3B, you will have to 
install a special PPA, which substitutes 
wodim, the default underlying disk-burning 
software, for cdrecord, a software that can 
handle Blu-ray disks. There are full instruc- 
tions for doing this online [2]. 

Running in the background for the previ- 
ously mentioned programs is GStreamer, a 
modular multimedia framework that’s avail- 
able to many audio and video apps. Many 
programs don’t need to support special co- 
decs, because GStreamer provides the play- 
back capability. To play an MP3 file, Rhyth- 
mbox hands over the task to GStreamer, 
which rummages through its resources for a 
plugin to handle the MP3 format. Using the 
contained codecs, GStreamer converts the 
files into audible material (Figure 3). To 
teach Totem and Rhythmbox new data for- 
mats, often you can just install a matching 
GStreamer plugin. 


DANGEROUS LIAISONS 
Although you can use these “limited extras” 
for multimedia formats, you can’t watch en- 
crypted DVDs - which covers just about all 
commercial DVDs... Well, you can but you 
have to bypass the Content Scrambling Sys- 
tem (CSS). This requires libdvdcss2, pro- 
vided by the VideoLan [3], but this is con- 
sidered a legal gray area in many countries. 
Use of this software is often banned because 
it cancels the CSS playback protection and 
is therefore considered to violate the “effec- 
tive copy protection mechanism.” 

In some countries, you can resort to two 
commercial Linux programs for legal play- 
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MPlayer and Men- 
coder - another 
codec packages that 
you needed to play and edit movies in all 
formats. Medibuntu since has been closed 
and all its packages have been moved to 
the main repositories (except for libdvdcss 
mentioned above). 


PARTNERS AND SHOPPING SOURCES 
Some proprietary applications like Skype 
and VMware View Client aren’t offered in 
the Ubuntu’s standard repositories. Al- 
though these programs might be free (as in 


beer), they’re often under proprietary li- 
censes and are not provided with open 
sources. 

These third-party apps can often be 
found in the Canonical Partners repository 
that you must first activate. In Software 
Center, select Edit | Software Sources, click 
the Other Software tab, then activate the 
Canonical Partners entry. Again, it might 
take a while before the sources appear in 
Software Center. 

The For Purchase repository contains 
mainly software that you can purchase 
through Software Center - among which is 
this magazine in various language editions. 
Developers usually release the content of 
these sources on their release date. When 
you select the software and click Purchase, 
Software Center links to the Launchpad 
login page. You can log in to (or register at) 
the Ubuntu One service and pay via credit 
card. Apart from official DVD players, 
you'll also find nifty games such as Family 
Farm (Figure 4), Oil Rush, and World of 
Goo. The same payment plan applies to the 
repository named Independent. There, 
you'll find mainly apps of external devel- 
opers that put some minimal time into 
Ubuntu. Some of them are quite useful, 


Rhythmbox 


(q a 


Speaker 


000 


MP3 File 


[GStreamer Plugins] 


GStreamer ars 
MP3 Plugin w| il 


Figure 3: Rhythmbox and Totem rely on the GStreamer framework that provides the necessary plugins 


with new codecs. 


Figure 4: Running under Ubuntu, you'll find not only 1990s-style graphics but also visually appealing 
games, such as Family Farm. 
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however, because they’re meant to handle 
smaller tasks. 


Apose Propucts 

Loading the flashplugin-installer package 
on the computer brings in the latest Flash 
versions direct from the Adobe website. 
You might have installed Adobe’s PDF 
Reader from the partner repository in the 
past. However, you will only need it if 
Ubuntu’s Evince built-in PDF viewer has a 
break down opening a file - which does 
happen in rare cases with PDF files with 
3D content or very complicated graphics 
with many levels. For security reasons, you 
should avoid using Adobe Reader. 


SKYPE AND GOOGLE VIDEO 

Even the new version 4 of Skype is in the 
Canonical Partners repository. Apart from 
videotelephony, it also provides desktop 
sharing: To make collaboration easier, 
your conversational partner can peek at 
your desktop. Thanks to the new version, 
the image quality of Skype for Linux is 
gradually matching that of the Windows 
client. Be aware, though, that Skype is one 
of the pieces of software that most spies 
on your communications. If you value 
your privacy, don’t use it. 

As an alternative to Skype, check out 
Google’s Hangout video platform, which 
also allows calls among multiple partici- 
pants (Figure 5). You will need a Google 
account, so register at the Google website 
and then go to the left at the top of the 
Google+ profile. 

In the right-hand column, select Start 
Hangout and install a video plugin for 
your system. You can simply download the 
corresponding DEB package and double- 
click the file manager. 

Again, Google Hangouts are also suspect 
when it comes to user privacy. An experi- 
mental, but very secure and private alter- 
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Figure 5: Like Skype, Google Hangout provides video chat capability. 


native is Tox [6], a new, free, and open pro- 
tocol that implements peer-to-peer en- 
crypted live communication, including 
audio and video chats (Figure 6). Your best 
bet is to download the Tox client [7]. Then, 
you just have to decompress it, and it is 
ready to use. 


Gooste EARTH 

Those who enjoy using Google Earth [8] 
can also install it in Ubuntu 14.10. Just 
download the corresponding Debian pack- 
age for your architecture, then go to Soft- 
ware Center and install the Isb-core pack- 
age. Double-clicking the Google Earth 
package loads it on the computer, which 
can take a while mainly because the pack- 
age grabs additional files from an online 
server. Be sure you have enough free space 
reserved. Then, you can start Google Earth 
by entering goog in the Dash. Be fore- 
warned, however, Google Earth is no fun 
without proper 3D acceleration. 


THe New Java 
To use Java applications, you need a Java 
Runtime Environment (JRE). Ubuntu does 
not provide Oracle’s proprietary Java ver- 
sion anymore - only the free OpenJDK. Be- 
cause some Java programs had problems in 
the past with OpenJDK, many users often 
resorted to the proprietary Java (sun-java). 
But, that’s missing now because Oracle put 
it under a nonfree license. Because the pro- 
prietary Java is compatible with OpenJDK 
7 - the official Java reference - most Java 
programs should be able to make do with 
the free Java. 
You can install the software from the 
openjdk-7-jdk and icedtea-7-plugin pack- 
ages, and the older version from openjdk-6- 
jdk and icedtea-6-plugin via the following 
command: 


$ sudo update-alternatives --config java 


Figure 6: Tox keeps your conversations, even your video chats, private. 


This step activates one of the parallel in- 

stalled Java versions. If an app refuses to 
run, it’s best to submit a bug report at the 
Ubuntu wiki [9]. 


SEEK AND YOU SHALL FIND 

You can install many proprietary apps and 
multimedia codecs from the existing repos- 
itories. Numerous proprietary Windows 
programs also run in the Wine Windows- 
compatible environment [10]. Other than 
that, take a look in the Ubuntu package 
manager, because almost any application 
has a free alternative. « 


INFO 


[1] RipperX: http:/sourceforge.net/ 
projects/ripperx/ 

[2] Recording Blu-Ray disks: https:⁄/ 
help.ubuntu.com/community/ 
CdDvd/Burning#Blu-Ray_Burning 

[3] libdvdcss at VideoLan: http:⁄/ 
www.videolan.org/developers/ 


libdvdcss.html 

[4] LinDVD: http:/en.wikipedia.org/ 
wiki/LinDVD 

[5] Commercial GStreamer plugins: 
http://www. fluendo.com 


[6] “Safe Communication with Tox”, 
by Vincze-Aron Szabo, Ubuntu 
User Issue 24, p. 44: http://www. 
ubuntu-user.com/Magazine/ 
Archive/2015/24/ 
Safe-communication-with-Tox 

[7] ÎŒTox: http://utox.org/ 


[8] Google Earth: http:/www.google. 
com/earth/index.html 

[9] Reporting bugs: https:/help. 
ubuntu.com/community/ 
ReportingBugs 

[10] Wine: http:/www.winehq.org/ 
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Virtua Winoows XP. 


BY KEN HESS 


Linux and the virtual Windows XP machine 


RTUAL SETUP 


We show you how to use VirtualBox to 
set up a Windows XP virtual machine 
on your existing Linux system. 


khess@Kenbuntu: ~ 


ian virtualbox-dkms 


Figure 1: Installing VirtualBox via the command line on Ubuntu Linux. 


Create Virtual Hard Drive 


Hard drive file type 


Please choose the type of file that you would like to use for the new 
virtual hard drive. If you do not need to use it with other virtualization 
software you can leave this setting unchanged. 


@ VD! (VirtualBox Disk image) 
VMDK (Virtual Machine Disk) 
VHD (Virtual Hard Disk) 
HDD (Parallels Hard Disk) 
QED (QEMU enhanced disk) | 
QCOW (QEMU Copy-On-Write) | 


Hide Description Cancel 


biete. 


Figure 2: Selecting the VM's hard drive file type. 
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our Linux laptop can do a lot of 

things, but it cannot fully emu- 

late Windows nor can it run 

many essential Windows pro- 
grams. If you find yourself needing to 
run Windows applications, especially 
Windows legacy applications on Win- 
dows XP, there is a solution: virtual- 
ization. 

Running Windows XP in a virtual 
machine (VM) on your Linux laptop is 
a better solution than either reimaging 
your Linux system with XP or attempt- 
ing the often precarious task of setting 
up a Linux/Windows XP dual-boot sys- 
tem next to an existing Linux installa- 
tion. However, if your system has Win- 
dows XP installed on it, you can more 
easily set up a dual-boot Linux/Win- 
dows XP. 

This article describes how to set up 
a Windows XP virtual machine on 
your existing Linux system. In the pre- 
vious issue, I described how to set up 
a dual-boot Linux/Windows XP system 
that has Windows XP already in- 
stalled. 

For this article, I use Ubuntu 14.04 
for the existing Linux system, and I 
use Windows XP SP3 for the Windows 
existing system and the Windows VM. 
For the virtualization application, I use 
VirtualBox because it is easy to install, 
and it’s available for Windows, Mac 
OS X, as well as the various Linux dis- 
tributions. 


Appine A Winpows XP VM 10 A Linux 
SYSTEM 

You can download and install Virtual- 
Box [1] or, if your distribution has a 
prebuilt package, you can install di- 
rectly from the command line. Open a 
terminal window and refer to Figure 1 
to install VirtualBox. 

After installation completes, you 
launch VirtualBox by searching for it 
in your Unity menu or at the command 
line with: 


$ virtualbox & 


Click New to start the Create Virtual 
Machine interactive dialog. In the first 
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Create Virtual Hard Drive 


Storage on physical hard drive 


Please choose whether the new virtual hard drive file should grow as t 
is used (dynamically allocated) or if it should be created at its maximum 
size (Fixed size). 


A dynamically allocated hard drive file will only use space on your 
physical hard drive as it fills up (up to a maximum fixed size), although 
it will not shrink again automatically when space on itis Freed. 


A fixed size hard drive file may take longer to create on some systems 
butis often Faster to use. 


You can also choose to split the hard drive file into several files of up to 
two gigabytes each. This is mainly useful if you wish to store the virtual 


of your host sys- 


tem’s RAM 
(memory) to the 


VM. You can use 


the suggested 
number; in my 
case, for a 32-bi 
Windows XP 
VM, the recom- 
mended RAM is 
192MB, but I in- 


of space. As you add software to the 
VM, VirtualBox will allocate more 
space to accommodate the new space 
requirements - up to what you set as 
the size limit on the next screen. 

You can also choose to allocate all of 
e space now, which consumes more 
isk space on your host system, but 
Iso has the effect of slightly boosting 
he VM’s speed. 

Splitting your virtual disk into 2GB 


t 


cevaz 


cannot handle very large files. 
@ Dynamically allocated 
Fixed size 
& Splitinto files of tess than 2G8 


<Back 


machine on removable USB devices or old systems, some of which 


creased that to a 
more realistic 
512MB. Click 
Next to con- 
tinue. 

Next, you'll be 


Cancel 


Figure 3: Selecting the VM's disk storage method. 
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Figure 4: Selecting a CD/DVD source for Windows XP. 
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If, however, you 
work in a virtual- 
ized environment 


Figure 5: The VirtualBox Manager main screen. 


dialog, you need to enter the name of 
your new virtual machine. Then, you 
select Windows XP from the Type 
drop-down menu, select Windows XP 
(32-bit) or Windows XP (64-bit) for the 
version, and then click Next to con- 
tinue. 

You will also need to allocate some 
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and might want 

to share this VM 
with co-workers, you should select the 
hard drive file type that is compatible 
with their software. Make your selec- 
tion and click Next to continue. 

Dynamically allocating space will 

save disk space on your host system 
because a standard installation of Win- 
dows XP only requires a few gigabytes 


slices is only for ease of transport to 
another system or for use on certain 
file size limited devices such as USB 
disks. Personally, I always select to dy- 
namically allocate disk space and to 
split the virtual disk files into 2GB 
slices. Click Next to continue. 

The “File location and size” screen 
prompts you to enter a name and lo- 
cation for your virtual disk file. You 
can browse to the location or accept 
the default, as I have done, and give 
your virtual disk a name (e.g., Win- 
dows XP). 

You can use the slider or enter a size 
for your virtual machine’s disk. When 
you allocate space for your VM, be 
reasonable, but don’t provide too 
much or the space will be wasted. This 
is where dynamic allocation of space 
is preferable. You might set 50GB, as 
Tve done, for the virtual disk size, but 
if your VM only uses 20GB, you've 
save 30GB of disk space. Click Create 
to continue. 

Your virtual machine’s creation is 
now complete. 


INSTALLING Winpows XP INTO YOUR 
VIRTUAL MACHINE 

Now that you’ve built your virtual ma- 
chine, it’s time to install Windows XP 
into it, just as you would for a physical 
system. You have two ways to install 
Windows XP: via an ISO (CD Image 
File) or from physical media (CD or 
DVD) placed into your host system’s 
CD/DVD drive. 

To begin the Windows XP installa- 
tion process, click the Settings icon. In 
the left navigation pane, click Storage. 
Click the CD (empty) icon in the mid- 
dle pane under Storage Pane. 

In the far right pane (Attributes), 
click on the CD icon that has a drop- 
down menu (circled in red in Figure 4) 
that displays the physical CD/DVD 
drive and an option to choose a CD/ 
DVD disk file. 

If you have physical media, place it 
in the CD/DVD tray and close it. Oth- 
erwise, click the CD/DVD file option 
and browse to the Windows XP ISO 
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Figure 7: Selecting the virtual disk for installation. 


file, select it, and click the Open but- 
ton. The ISO image or physical CD/ 
DVD will now appear in the hardware 
ist on the main settings page of the 
virtual machine. 

Figure 3 displays the method of al- 
ocating space on your host system’s 
physical disk. Your choices are to dy- 
namically allocate space as needed or 
to allocate all of the VM’s virtual disk 
space now. 

You can also choose to split the vir- 
tual disk into 2GB files. I used a physi- 
cal CD as my source for the installa- 
tion. Click OK to return to the Virtual- 
Box Manager main screen. 

At the main screen, as shown in Fig- 
ure 5, click the Start icon to power on 
your virtual machine and begin the in- 
stallation process. Your VM will power 
up and boot to the CD/DVD source 
that you supplied in the previous sec- 
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tion and stop at the screen shown in 
Figure 6. Press the Enter key on this 
screen to continue. 

Figure 7 shows the next screen 
where you're required to respond to a 
prompt during your Windows XP 
setup. Here, you select the virtual 
disk that you created by pressing the 
Enter key. You will use the entire 
50GB disk, so you can ignore the 
other options. 

The installation to your virtual disk 
proceeds through various steps that 
you can watch on the screen, such as 
disk preparation and formatting, file 
copying, rebooting, and starting of the 
installation shell. 

During this process, you’re 
prompted for account information, 
logon preference, time zone, and sys- 
tem name. For the system name, keep 
it simple by only using numbers and 


letters, and use 15 or fewer characters 
with no spaces. 


POST-INSTALLATION TASKS 

After your Windows XP installation fin- 
ishes, you might receive a prompt that 
your system requires updates or that 
it’s vulnerable. You can set up system 
updates, if prompted, with Express In- 
stall, and click the Install button to 
continue. 

Your system will likely reboot after 
this process completes. If the system 
prompts you to reboot, do so. If you’re 
not prompted to set up updates, follow 
the procedure below to install updates 
for your system. 

Upon entering the system again, 
click Start | Windows Updates and nav- 
igate through the process of updating 
your system. More than 100 updates for 
Windows XP will be shown, and you’ll 
have to reboot after each set of up- 
dates. Repeat this process until there 
are no more updates for your system. 

As you probably know, Microsoft has 
stopped supporting Windows XP as of 
April 8, 2014. That means that once 
you've updated your system with the 
available updates, you will no longer 
have regular patches, service packs, or 
security updates for your system. 

When you start your XP VM, you’ll 
likely see a message asking you to ac- 
knowledge Windows XP end of sup- 
port. Click Don’t show this message 
again and then click OK to dismiss the 
message. 

There is a registry hack to receive fu- 
ture security updates, but Microsoft 
won’t test them against Windows XP, 
so use this hack at your own risk. I ad- 
vise against it. Instead, install a good 
antivirus program on your XP system. I 
recommend AVG’s free antivirus [2]. It 
will help keep your system secure. 

Your Windows XP system is now 
fully functional and ready to use, Vir- 
tual machines are exactly like physical 
machines in that you can install soft- 
ware, reboot, back up, and crash them. 
Additionally, your Windows XP VM 
should provide you with sufficient life 
until you can safely and reasonably mi- 
grate your legacy apps to a newer oper- 
ating system. e 


INFO 
[1] VirtualBox: https://www.virtualbox. 
org/wiki/Linux_Downloads 


[2] AVG Antivirus: http:/Awww.avg. 
com 
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Sponsored by USENIX in cooperation with LOPSA 


More craft. 
Less cruft. 


The LISA conference is where IT operations 
professionals, site reliability engineers, system 
administrators, architects, software engineers, 
and researchers come together, discuss, and 
gain real-world knowledge about designing, 
building, and maintaining the critical systems of 
our interconnected world. 


LISA15 will feature talks and training from: 


M Mikey Dickerson, United States Digital Service 

M Nick Feamster, Princeton University 

q Matt Harrison, Python/Data Science Trainer, Metasnake 
™ Elizabeth Joseph, Hewlett-Packard 

“q Tom Limoncelli, SRE, Stack Exchange, Inc 

M™ Dinah McNutt, Google, Inc 

~V James Mickens, Harvard University 

“q Chris Soghoian, American Civil Liberties Union 

M John Willis, Docker 


Register Today! 


Nov. 8 — 13, 2015 
Washington, D.C. 


usenix.org/lisa15 


MORE 


UBUNTU 


user 


UBUNTU! 


EXPLORING THE WORLD OF UBUNTU 


AN ILLUSTRATED GUIDE TO 


THE TERMINAL 


© The secrets of sed 


© Learn to loop 
© Cat, tac & everythin: 


Keep your disks safe with 
Gnome Disks 


Use the Rodent toolset to 
manage local and remote 1 


“TT 
Tojita: a lightweight imap | 
email client a | 
Learn professional typesetting 
for LibreOffice 


DISCOVERY GUIDE 


New to Ubuntu? + How to install Ubuntu 15.04 
Check out our special Get all your mult 

section for first-time + Go online with Ni 

users! p. + Package management 
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Ubuntu User is your roadmap to the Ubuntu 
community. In the pages of Ubuntu User, 
you'll learn about the latest tools, best tricks, 
and newest developments in the Ubuntu story. 


Ubuntu User helps you explore the treasures 
of open source software within Ubuntu's 
expansive repositories. We'll bring you 
exclusive interviews with Ubuntu leaders, keep 
you current on the exciting Ubuntu community, 
and answer your most perplexing Ubuntu 
questions. Learn how to choose a video 
editor, find the perfect tool to customize your 
desktop, and configure and manage Ubuntu 
systems using the best admin tools. 


SUBSCRIBE NOW: SHOP.LINUXNEWMEDIA.COM 


